Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

+185

Documentation/ABI/stable/sysfs-class-tpm

··· 1 + What: /sys/class/misc/tpmX/device/ 2 + Date: April 2005 3 + KernelVersion: 2.6.12 4 + Contact: tpmdd-devel@lists.sf.net 5 + Description: The device/ directory under a specific TPM instance exposes 6 + the properties of that TPM chip 7 + 8 + 9 + What: /sys/class/misc/tpmX/device/active 10 + Date: April 2006 11 + KernelVersion: 2.6.17 12 + Contact: tpmdd-devel@lists.sf.net 13 + Description: The "active" property prints a '1' if the TPM chip is accepting 14 + commands. An inactive TPM chip still contains all the state of 15 + an active chip (Storage Root Key, NVRAM, etc), and can be 16 + visible to the OS, but will only accept a restricted set of 17 + commands. See the TPM Main Specification part 2, Structures, 18 + section 17 for more information on which commands are 19 + available. 20 + 21 + What: /sys/class/misc/tpmX/device/cancel 22 + Date: June 2005 23 + KernelVersion: 2.6.13 24 + Contact: tpmdd-devel@lists.sf.net 25 + Description: The "cancel" property allows you to cancel the currently 26 + pending TPM command. Writing any value to cancel will call the 27 + TPM vendor specific cancel operation. 28 + 29 + What: /sys/class/misc/tpmX/device/caps 30 + Date: April 2005 31 + KernelVersion: 2.6.12 32 + Contact: tpmdd-devel@lists.sf.net 33 + Description: The "caps" property contains TPM manufacturer and version info. 34 + 35 + Example output: 36 + 37 + Manufacturer: 0x53544d20 38 + TCG version: 1.2 39 + Firmware version: 8.16 40 + 41 + Manufacturer is a hex dump of the 4 byte manufacturer info 42 + space in a TPM. TCG version shows the TCG TPM spec level that 43 + the chip supports. Firmware version is that of the chip and 44 + is manufacturer specific. 45 + 46 + What: /sys/class/misc/tpmX/device/durations 47 + Date: March 2011 48 + KernelVersion: 3.1 49 + Contact: tpmdd-devel@lists.sf.net 50 + Description: The "durations" property shows the 3 vendor-specific values 51 + used to wait for a short, medium and long TPM command. All 52 + TPM commands are categorized as short, medium or long in 53 + execution time, so that the driver doesn't have to wait 54 + any longer than necessary before starting to poll for a 55 + result. 56 + 57 + Example output: 58 + 59 + 3015000 4508000 180995000 [original] 60 + 61 + Here the short, medium and long durations are displayed in 62 + usecs. "[original]" indicates that the values are displayed 63 + unmodified from when they were queried from the chip. 64 + Durations can be modified in the case where a buggy chip 65 + reports them in msec instead of usec and they need to be 66 + scaled to be displayed in usecs. In this case "[adjusted]" 67 + will be displayed in place of "[original]". 68 + 69 + What: /sys/class/misc/tpmX/device/enabled 70 + Date: April 2006 71 + KernelVersion: 2.6.17 72 + Contact: tpmdd-devel@lists.sf.net 73 + Description: The "enabled" property prints a '1' if the TPM chip is enabled, 74 + meaning that it should be visible to the OS. This property 75 + may be visible but produce a '0' after some operation that 76 + disables the TPM. 77 + 78 + What: /sys/class/misc/tpmX/device/owned 79 + Date: April 2006 80 + KernelVersion: 2.6.17 81 + Contact: tpmdd-devel@lists.sf.net 82 + Description: The "owned" property produces a '1' if the TPM_TakeOwnership 83 + ordinal has been executed successfully in the chip. A '0' 84 + indicates that ownership hasn't been taken. 85 + 86 + What: /sys/class/misc/tpmX/device/pcrs 87 + Date: April 2005 88 + KernelVersion: 2.6.12 89 + Contact: tpmdd-devel@lists.sf.net 90 + Description: The "pcrs" property will dump the current value of all Platform 91 + Configuration Registers in the TPM. Note that since these 92 + values may be constantly changing, the output is only valid 93 + for a snapshot in time. 94 + 95 + Example output: 96 + 97 + PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 98 + PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 99 + PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 100 + PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 101 + PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 102 + ... 103 + 104 + The number of PCRs and hex bytes needed to represent a PCR 105 + value will vary depending on TPM chip version. For TPM 1.1 and 106 + 1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes 107 + long. Use the "caps" property to determine TPM version. 108 + 109 + What: /sys/class/misc/tpmX/device/pubek 110 + Date: April 2005 111 + KernelVersion: 2.6.12 112 + Contact: tpmdd-devel@lists.sf.net 113 + Description: The "pubek" property will return the TPM's public endorsement 114 + key if possible. If the TPM has had ownership established and 115 + is version 1.2, the pubek will not be available without the 116 + owner's authorization. Since the TPM driver doesn't store any 117 + secrets, it can't authorize its own request for the pubek, 118 + making it unaccessible. The public endorsement key is gener- 119 + ated at TPM menufacture time and exists for the life of the 120 + chip. 121 + 122 + Example output: 123 + 124 + Algorithm: 00 00 00 01 125 + Encscheme: 00 03 126 + Sigscheme: 00 01 127 + Parameters: 00 00 08 00 00 00 00 02 00 00 00 00 128 + Modulus length: 256 129 + Modulus: 130 + B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C 131 + 3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6 132 + 1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB 133 + 86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3 134 + D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B 135 + 82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26 136 + 0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E 137 + 1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D 138 + 6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0 139 + A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6 140 + 47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6 141 + 10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70 142 + E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A 143 + F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6 144 + F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B 145 + C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B 146 + 147 + Possible values: 148 + 149 + Algorithm: TPM_ALG_RSA (1) 150 + Encscheme: TPM_ES_RSAESPKCSv15 (2) 151 + TPM_ES_RSAESOAEP_SHA1_MGF1 (3) 152 + Sigscheme: TPM_SS_NONE (1) 153 + Parameters, a byte string of 3 u32 values: 154 + Key Length (bits): 00 00 08 00 (2048) 155 + Num primes: 00 00 00 02 (2) 156 + Exponent Size: 00 00 00 00 (0 means the 157 + default exp) 158 + Modulus Length: 256 (bytes) 159 + Modulus: The 256 byte Endorsement Key modulus 160 + 161 + What: /sys/class/misc/tpmX/device/temp_deactivated 162 + Date: April 2006 163 + KernelVersion: 2.6.17 164 + Contact: tpmdd-devel@lists.sf.net 165 + Description: The "temp_deactivated" property returns a '1' if the chip has 166 + been temporarily dectivated, usually until the next power 167 + cycle. Whether a warm boot (reboot) will clear a TPM chip 168 + from a temp_deactivated state is platform specific. 169 + 170 + What: /sys/class/misc/tpmX/device/timeouts 171 + Date: March 2011 172 + KernelVersion: 3.1 173 + Contact: tpmdd-devel@lists.sf.net 174 + Description: The "timeouts" property shows the 4 vendor-specific values 175 + for the TPM's interface spec timeouts. The use of these 176 + timeouts is defined by the TPM interface spec that the chip 177 + conforms to. 178 + 179 + Example output: 180 + 181 + 750000 750000 750000 750000 [original] 182 + 183 + The four timeout values are shown in usecs, with a trailing 184 + "[original]" or "[adjusted]" depending on whether the values 185 + were scaled by the driver to be reported in usec from msecs.

+7 -3

Documentation/ABI/testing/ima_policy

··· 18 18 rule format: action [condition ...] 19 19 20 20 action: measure | dont_measure | appraise | dont_appraise | audit 21 - condition:= base | lsm 22 - base: [[func=] [mask=] [fsmagic=] [uid=] [fowner]] 21 + condition:= base | lsm [option] 22 + base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=] 23 + [fowner]] 23 24 lsm: [[subj_user=] [subj_role=] [subj_type=] 24 25 [obj_user=] [obj_role=] [obj_type=]] 26 + option: [[appraise_type=]] 25 27 26 - base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK] 28 + base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK] 27 29 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] 28 30 fsmagic:= hex value 31 + fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6) 29 32 uid:= decimal value 30 33 fowner:=decimal value 31 34 lsm: are LSM specific 35 + option: appraise_type:= [imasig] 32 36 33 37 default policy: 34 38 # PROC_SUPER_MAGIC

+11 -1

drivers/char/tpm/Kconfig

··· 75 75 76 76 config TCG_IBMVTPM 77 77 tristate "IBM VTPM Interface" 78 - depends on PPC64 78 + depends on PPC_PSERIES 79 79 ---help--- 80 80 If you have IBM virtual TPM (VTPM) support say Yes and it 81 81 will be accessible from within Linux. To compile this driver 82 82 as a module, choose M here; the module will be called tpm_ibmvtpm. 83 + 84 + config TCG_ST33_I2C 85 + tristate "STMicroelectronics ST33 I2C TPM" 86 + depends on I2C 87 + depends on GPIOLIB 88 + ---help--- 89 + If you have a TPM security chip from STMicroelectronics working with 90 + an I2C bus say Yes and it will be accessible from within Linux. 91 + To compile this driver as a module, choose M here; the module will be 92 + called tpm_stm_st33_i2c. 83 93 84 94 endif # TCG_TPM

+1

drivers/char/tpm/Makefile

··· 17 17 obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o 18 18 obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o 19 19 obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o 20 + obj-$(CONFIG_TCG_ST33_I2C) += tpm_i2c_stm_st33.o

+80 -34

drivers/char/tpm/tpm.c

··· 40 40 }; 41 41 42 42 #define TPM_MAX_ORDINAL 243 43 - #define TPM_MAX_PROTECTED_ORDINAL 12 44 - #define TPM_PROTECTED_ORDINAL_MASK 0xFF 43 + #define TSC_MAX_ORDINAL 12 44 + #define TPM_PROTECTED_COMMAND 0x00 45 + #define TPM_CONNECTION_COMMAND 0x40 45 46 46 47 /* 47 48 * Bug workaround - some TPM's don't flush the most ··· 66 65 * values of the SHORT, MEDIUM, and LONG durations are retrieved 67 66 * from the chip during initialization with a call to tpm_get_timeouts. 68 67 */ 69 - static const u8 tpm_protected_ordinal_duration[TPM_MAX_PROTECTED_ORDINAL] = { 70 - TPM_UNDEFINED, /* 0 */ 71 - TPM_UNDEFINED, 72 - TPM_UNDEFINED, 73 - TPM_UNDEFINED, 74 - TPM_UNDEFINED, 75 - TPM_UNDEFINED, /* 5 */ 76 - TPM_UNDEFINED, 77 - TPM_UNDEFINED, 78 - TPM_UNDEFINED, 79 - TPM_UNDEFINED, 80 - TPM_SHORT, /* 10 */ 81 - TPM_SHORT, 82 - }; 83 - 84 68 static const u8 tpm_ordinal_duration[TPM_MAX_ORDINAL] = { 85 69 TPM_UNDEFINED, /* 0 */ 86 70 TPM_UNDEFINED, ··· 337 351 { 338 352 int duration_idx = TPM_UNDEFINED; 339 353 int duration = 0; 354 + u8 category = (ordinal >> 24) & 0xFF; 340 355 341 - if (ordinal < TPM_MAX_ORDINAL) 356 + if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) || 357 + (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL)) 342 358 duration_idx = tpm_ordinal_duration[ordinal]; 343 - else if ((ordinal & TPM_PROTECTED_ORDINAL_MASK) < 344 - TPM_MAX_PROTECTED_ORDINAL) 345 - duration_idx = 346 - tpm_protected_ordinal_duration[ordinal & 347 - TPM_PROTECTED_ORDINAL_MASK]; 348 359 349 360 if (duration_idx != TPM_UNDEFINED) 350 361 duration = chip->vendor.duration[duration_idx]; ··· 393 410 chip->vendor.req_complete_val) 394 411 goto out_recv; 395 412 396 - if ((status == chip->vendor.req_canceled)) { 413 + if (chip->vendor.req_canceled(chip, status)) { 397 414 dev_err(chip->dev, "Operation Canceled\n"); 398 415 rc = -ECANCELED; 399 416 goto out; ··· 451 468 return -EFAULT; 452 469 453 470 err = be32_to_cpu(cmd->header.out.return_code); 454 - if (err != 0) 471 + if (err != 0 && desc) 455 472 dev_err(chip->dev, "A TPM error (%d) occurred %s\n", err, desc); 456 473 457 474 return err; ··· 511 528 } 512 529 EXPORT_SYMBOL_GPL(tpm_gen_interrupt); 513 530 531 + #define TPM_ORD_STARTUP cpu_to_be32(153) 532 + #define TPM_ST_CLEAR cpu_to_be16(1) 533 + #define TPM_ST_STATE cpu_to_be16(2) 534 + #define TPM_ST_DEACTIVATED cpu_to_be16(3) 535 + static const struct tpm_input_header tpm_startup_header = { 536 + .tag = TPM_TAG_RQU_COMMAND, 537 + .length = cpu_to_be32(12), 538 + .ordinal = TPM_ORD_STARTUP 539 + }; 540 + 541 + static int tpm_startup(struct tpm_chip *chip, __be16 startup_type) 542 + { 543 + struct tpm_cmd_t start_cmd; 544 + start_cmd.header.in = tpm_startup_header; 545 + start_cmd.params.startup_in.startup_type = startup_type; 546 + return transmit_cmd(chip, &start_cmd, TPM_INTERNAL_RESULT_SIZE, 547 + "attempting to start the TPM"); 548 + } 549 + 514 550 int tpm_get_timeouts(struct tpm_chip *chip) 515 551 { 516 552 struct tpm_cmd_t tpm_cmd; ··· 543 541 tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 544 542 tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 545 543 tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 544 + rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, NULL); 546 545 547 - rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 548 - "attempting to determine the timeouts"); 549 - if (rc) 546 + if (rc == TPM_ERR_INVALID_POSTINIT) { 547 + /* The TPM is not started, we are the first to talk to it. 548 + Execute a startup command. */ 549 + dev_info(chip->dev, "Issuing TPM_STARTUP"); 550 + if (tpm_startup(chip, TPM_ST_CLEAR)) 551 + return rc; 552 + 553 + tpm_cmd.header.in = tpm_getcap_header; 554 + tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP; 555 + tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4); 556 + tpm_cmd.params.getcap_in.subcap = TPM_CAP_PROP_TIS_TIMEOUT; 557 + rc = transmit_cmd(chip, &tpm_cmd, TPM_INTERNAL_RESULT_SIZE, 558 + NULL); 559 + } 560 + if (rc) { 561 + dev_err(chip->dev, 562 + "A TPM error (%zd) occurred attempting to determine the timeouts\n", 563 + rc); 550 564 goto duration; 565 + } 551 566 552 567 if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 || 553 568 be32_to_cpu(tpm_cmd.header.out.length) ··· 843 824 { 844 825 int rc; 845 826 unsigned int loops; 846 - unsigned int delay_msec = 1000; 827 + unsigned int delay_msec = 100; 847 828 unsigned long duration; 848 829 struct tpm_cmd_t cmd; 849 830 ··· 864 845 cmd.header.in = pcrread_header; 865 846 cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0); 866 847 rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE); 848 + /* Some buggy TPMs will not respond to tpm_tis_ready() for 849 + * around 300ms while the self test is ongoing, keep trying 850 + * until the self test duration expires. */ 851 + if (rc == -ETIME) { 852 + dev_info(chip->dev, HW_ERR "TPM command timed out during continue self test"); 853 + msleep(delay_msec); 854 + continue; 855 + } 867 856 868 857 if (rc < TPM_HEADER_SIZE) 869 858 return -EFAULT; ··· 1102 1075 } 1103 1076 EXPORT_SYMBOL_GPL(tpm_store_cancel); 1104 1077 1078 + static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, bool check_cancel, 1079 + bool *canceled) 1080 + { 1081 + u8 status = chip->vendor.status(chip); 1082 + 1083 + *canceled = false; 1084 + if ((status & mask) == mask) 1085 + return true; 1086 + if (check_cancel && chip->vendor.req_canceled(chip, status)) { 1087 + *canceled = true; 1088 + return true; 1089 + } 1090 + return false; 1091 + } 1092 + 1105 1093 int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, 1106 - wait_queue_head_t *queue) 1094 + wait_queue_head_t *queue, bool check_cancel) 1107 1095 { 1108 1096 unsigned long stop; 1109 1097 long rc; 1110 1098 u8 status; 1099 + bool canceled = false; 1111 1100 1112 1101 /* check current status */ 1113 1102 status = chip->vendor.status(chip); ··· 1138 1095 if ((long)timeout <= 0) 1139 1096 return -ETIME; 1140 1097 rc = wait_event_interruptible_timeout(*queue, 1141 - ((chip->vendor.status(chip) 1142 - & mask) == mask), 1143 - timeout); 1144 - if (rc > 0) 1098 + wait_for_tpm_stat_cond(chip, mask, check_cancel, 1099 + &canceled), 1100 + timeout); 1101 + if (rc > 0) { 1102 + if (canceled) 1103 + return -ECANCELED; 1145 1104 return 0; 1105 + } 1146 1106 if (rc == -ERESTARTSYS && freezing(current)) { 1147 1107 clear_thread_flag(TIF_SIGPENDING); 1148 1108 goto again;

+32 -20

drivers/char/tpm/tpm.h

··· 47 47 #define TPM_WARN_DOING_SELFTEST 0x802 48 48 #define TPM_ERR_DEACTIVATED 0x6 49 49 #define TPM_ERR_DISABLED 0x7 50 + #define TPM_ERR_INVALID_POSTINIT 38 50 51 51 52 #define TPM_HEADER_SIZE 10 52 53 extern ssize_t tpm_show_pubek(struct device *, struct device_attribute *attr, ··· 78 77 struct tpm_vendor_specific { 79 78 const u8 req_complete_mask; 80 79 const u8 req_complete_val; 81 - const u8 req_canceled; 80 + bool (*req_canceled)(struct tpm_chip *chip, u8 status); 82 81 void __iomem *iobase; /* ioremapped address */ 83 82 unsigned long base; /* TPM base address */ 84 83 ··· 101 100 bool timeout_adjusted; 102 101 unsigned long duration[3]; /* jiffies */ 103 102 bool duration_adjusted; 104 - void *data; 103 + void *priv; 105 104 106 105 wait_queue_head_t read_queue; 107 106 wait_queue_head_t int_queue; 107 + 108 + u16 manufacturer_id; 108 109 }; 109 110 111 + #define TPM_VPRIV(c) (c)->vendor.priv 112 + 110 113 #define TPM_VID_INTEL 0x8086 114 + #define TPM_VID_WINBOND 0x1050 115 + #define TPM_VID_STM 0x104A 111 116 112 117 struct tpm_chip { 113 118 struct device *dev; /* Device stuff */ ··· 161 154 __be16 tag; 162 155 __be32 length; 163 156 __be32 ordinal; 164 - }__attribute__((packed)); 157 + } __packed; 165 158 166 159 struct tpm_output_header { 167 160 __be16 tag; 168 161 __be32 length; 169 162 __be32 return_code; 170 - }__attribute__((packed)); 163 + } __packed; 171 164 172 165 struct stclear_flags_t { 173 166 __be16 tag; ··· 176 169 u8 physicalPresence; 177 170 u8 physicalPresenceLock; 178 171 u8 bGlobalLock; 179 - }__attribute__((packed)); 172 + } __packed; 180 173 181 174 struct tpm_version_t { 182 175 u8 Major; 183 176 u8 Minor; 184 177 u8 revMajor; 185 178 u8 revMinor; 186 - }__attribute__((packed)); 179 + } __packed; 187 180 188 181 struct tpm_version_1_2_t { 189 182 __be16 tag; ··· 191 184 u8 Minor; 192 185 u8 revMajor; 193 186 u8 revMinor; 194 - }__attribute__((packed)); 187 + } __packed; 195 188 196 189 struct timeout_t { 197 190 __be32 a; 198 191 __be32 b; 199 192 __be32 c; 200 193 __be32 d; 201 - }__attribute__((packed)); 194 + } __packed; 202 195 203 196 struct duration_t { 204 197 __be32 tpm_short; 205 198 __be32 tpm_medium; 206 199 __be32 tpm_long; 207 - }__attribute__((packed)); 200 + } __packed; 208 201 209 202 struct permanent_flags_t { 210 203 __be16 tag; ··· 228 221 u8 tpmEstablished; 229 222 u8 maintenanceDone; 230 223 u8 disableFullDALogicInfo; 231 - }__attribute__((packed)); 224 + } __packed; 232 225 233 226 typedef union { 234 227 struct permanent_flags_t perm_flags; ··· 246 239 __be32 cap; 247 240 __be32 subcap_size; 248 241 __be32 subcap; 249 - }__attribute__((packed)); 242 + } __packed; 250 243 251 244 struct tpm_getcap_params_out { 252 245 __be32 cap_size; 253 246 cap_t cap; 254 - }__attribute__((packed)); 247 + } __packed; 255 248 256 249 struct tpm_readpubek_params_out { 257 250 u8 algorithm[4]; ··· 262 255 __be32 keysize; 263 256 u8 modulus[256]; 264 257 u8 checksum[20]; 265 - }__attribute__((packed)); 258 + } __packed; 266 259 267 260 typedef union { 268 261 struct tpm_input_header in; ··· 272 265 #define TPM_DIGEST_SIZE 20 273 266 struct tpm_pcrread_out { 274 267 u8 pcr_result[TPM_DIGEST_SIZE]; 275 - }__attribute__((packed)); 268 + } __packed; 276 269 277 270 struct tpm_pcrread_in { 278 271 __be32 pcr_idx; 279 - }__attribute__((packed)); 272 + } __packed; 280 273 281 274 struct tpm_pcrextend_in { 282 275 __be32 pcr_idx; 283 276 u8 hash[TPM_DIGEST_SIZE]; 284 - }__attribute__((packed)); 277 + } __packed; 285 278 286 279 /* 128 bytes is an arbitrary cap. This could be as large as TPM_BUFSIZE - 18 287 280 * bytes, but 128 is still a relatively large number of random bytes and ··· 292 285 struct tpm_getrandom_out { 293 286 __be32 rng_data_len; 294 287 u8 rng_data[TPM_MAX_RNG_DATA]; 295 - }__attribute__((packed)); 288 + } __packed; 296 289 297 290 struct tpm_getrandom_in { 298 291 __be32 num_bytes; 299 - }__attribute__((packed)); 292 + } __packed; 293 + 294 + struct tpm_startup_in { 295 + __be16 startup_type; 296 + } __packed; 300 297 301 298 typedef union { 302 299 struct tpm_getcap_params_out getcap_out; ··· 312 301 struct tpm_pcrextend_in pcrextend_in; 313 302 struct tpm_getrandom_in getrandom_in; 314 303 struct tpm_getrandom_out getrandom_out; 304 + struct tpm_startup_in startup_in; 315 305 } tpm_cmd_params; 316 306 317 307 struct tpm_cmd_t { 318 308 tpm_cmd_header header; 319 309 tpm_cmd_params params; 320 - }__attribute__((packed)); 310 + } __packed; 321 311 322 312 ssize_t tpm_getcap(struct device *, __be32, cap_t *, const char *); 323 313 ··· 338 326 extern int tpm_pm_suspend(struct device *); 339 327 extern int tpm_pm_resume(struct device *); 340 328 extern int wait_for_tpm_stat(struct tpm_chip *, u8, unsigned long, 341 - wait_queue_head_t *); 329 + wait_queue_head_t *, bool); 342 330 343 331 #ifdef CONFIG_ACPI 344 332 extern int tpm_add_ppi(struct kobject *);

+4 -4

drivers/char/tpm/tpm_acpi.c

··· 33 33 u16 platform_class; 34 34 union { 35 35 struct client_hdr { 36 - u32 log_max_len __attribute__ ((packed)); 37 - u64 log_start_addr __attribute__ ((packed)); 36 + u32 log_max_len __packed; 37 + u64 log_start_addr __packed; 38 38 } client; 39 39 struct server_hdr { 40 40 u16 reserved; 41 - u64 log_max_len __attribute__ ((packed)); 42 - u64 log_start_addr __attribute__ ((packed)); 41 + u64 log_max_len __packed; 42 + u64 log_start_addr __packed; 43 43 } server; 44 44 }; 45 45 };

+6 -1

drivers/char/tpm/tpm_atmel.c

··· 116 116 return ioread8(chip->vendor.iobase + 1); 117 117 } 118 118 119 + static bool tpm_atml_req_canceled(struct tpm_chip *chip, u8 status) 120 + { 121 + return (status == ATML_STATUS_READY); 122 + } 123 + 119 124 static const struct file_operations atmel_ops = { 120 125 .owner = THIS_MODULE, 121 126 .llseek = no_llseek, ··· 152 147 .status = tpm_atml_status, 153 148 .req_complete_mask = ATML_STATUS_BUSY | ATML_STATUS_DATA_AVAIL, 154 149 .req_complete_val = ATML_STATUS_DATA_AVAIL, 155 - .req_canceled = ATML_STATUS_READY, 150 + .req_canceled = tpm_atml_req_canceled, 156 151 .attr_group = &atmel_attr_grp, 157 152 .miscdev = { .fops = &atmel_ops, }, 158 153 };

+6 -1

drivers/char/tpm/tpm_i2c_infineon.c

··· 505 505 return rc; 506 506 } 507 507 508 + static bool tpm_tis_i2c_req_canceled(struct tpm_chip *chip, u8 status) 509 + { 510 + return (status == TPM_STS_COMMAND_READY); 511 + } 512 + 508 513 static const struct file_operations tis_ops = { 509 514 .owner = THIS_MODULE, 510 515 .llseek = no_llseek, ··· 555 550 .cancel = tpm_tis_i2c_ready, 556 551 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 557 552 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 558 - .req_canceled = TPM_STS_COMMAND_READY, 553 + .req_canceled = tpm_tis_i2c_req_canceled, 559 554 .attr_group = &tis_attr_grp, 560 555 .miscdev.fops = &tis_ops, 561 556 };

+887

drivers/char/tpm/tpm_i2c_stm_st33.c

··· 1 + /* 2 + * STMicroelectronics TPM I2C Linux driver for TPM ST33ZP24 3 + * Copyright (C) 2009, 2010 STMicroelectronics 4 + * 5 + * This program is free software; you can redistribute it and/or modify 6 + * it under the terms of the GNU General Public License as published by 7 + * the Free Software Foundation; either version 2 of the License, or 8 + * (at your option) any later version. 9 + * 10 + * This program is distributed in the hope that it will be useful, 11 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 + * GNU General Public License for more details. 14 + * 15 + * You should have received a copy of the GNU General Public License along 16 + * with this program; if not, write to the Free Software Foundation, Inc., 17 + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 + * 19 + * STMicroelectronics version 1.2.0, Copyright (C) 2010 20 + * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. 21 + * This is free software, and you are welcome to redistribute it 22 + * under certain conditions. 23 + * 24 + * @Author: Christophe RICARD tpmsupport@st.com 25 + * 26 + * @File: tpm_stm_st33_i2c.c 27 + * 28 + * @Synopsis: 29 + * 09/15/2010: First shot driver tpm_tis driver for 30 + lpc is used as model. 31 + */ 32 + 33 + #include <linux/pci.h> 34 + #include <linux/module.h> 35 + #include <linux/platform_device.h> 36 + #include <linux/i2c.h> 37 + #include <linux/fs.h> 38 + #include <linux/miscdevice.h> 39 + #include <linux/module.h> 40 + #include <linux/kernel.h> 41 + #include <linux/delay.h> 42 + #include <linux/init.h> 43 + #include <linux/wait.h> 44 + #include <linux/string.h> 45 + #include <linux/interrupt.h> 46 + #include <linux/spinlock.h> 47 + #include <linux/sysfs.h> 48 + #include <linux/gpio.h> 49 + #include <linux/sched.h> 50 + #include <linux/uaccess.h> 51 + #include <linux/io.h> 52 + #include <linux/slab.h> 53 + #include <linux/sched.h> 54 + 55 + #include "tpm.h" 56 + #include "tpm_i2c_stm_st33.h" 57 + 58 + enum stm33zp24_access { 59 + TPM_ACCESS_VALID = 0x80, 60 + TPM_ACCESS_ACTIVE_LOCALITY = 0x20, 61 + TPM_ACCESS_REQUEST_PENDING = 0x04, 62 + TPM_ACCESS_REQUEST_USE = 0x02, 63 + }; 64 + 65 + enum stm33zp24_status { 66 + TPM_STS_VALID = 0x80, 67 + TPM_STS_COMMAND_READY = 0x40, 68 + TPM_STS_GO = 0x20, 69 + TPM_STS_DATA_AVAIL = 0x10, 70 + TPM_STS_DATA_EXPECT = 0x08, 71 + }; 72 + 73 + enum stm33zp24_int_flags { 74 + TPM_GLOBAL_INT_ENABLE = 0x80, 75 + TPM_INTF_CMD_READY_INT = 0x080, 76 + TPM_INTF_FIFO_AVALAIBLE_INT = 0x040, 77 + TPM_INTF_WAKE_UP_READY_INT = 0x020, 78 + TPM_INTF_LOCALITY_CHANGE_INT = 0x004, 79 + TPM_INTF_STS_VALID_INT = 0x002, 80 + TPM_INTF_DATA_AVAIL_INT = 0x001, 81 + }; 82 + 83 + enum tis_defaults { 84 + TIS_SHORT_TIMEOUT = 750, 85 + TIS_LONG_TIMEOUT = 2000, 86 + }; 87 + 88 + /* 89 + * write8_reg 90 + * Send byte to the TIS register according to the ST33ZP24 I2C protocol. 91 + * @param: tpm_register, the tpm tis register where the data should be written 92 + * @param: tpm_data, the tpm_data to write inside the tpm_register 93 + * @param: tpm_size, The length of the data 94 + * @return: Returns negative errno, or else the number of bytes written. 95 + */ 96 + static int write8_reg(struct i2c_client *client, u8 tpm_register, 97 + u8 *tpm_data, u16 tpm_size) 98 + { 99 + struct st33zp24_platform_data *pin_infos; 100 + 101 + pin_infos = client->dev.platform_data; 102 + 103 + pin_infos->tpm_i2c_buffer[0][0] = tpm_register; 104 + memcpy(&pin_infos->tpm_i2c_buffer[0][1], tpm_data, tpm_size); 105 + return i2c_master_send(client, pin_infos->tpm_i2c_buffer[0], 106 + tpm_size + 1); 107 + } /* write8_reg() */ 108 + 109 + /* 110 + * read8_reg 111 + * Recv byte from the TIS register according to the ST33ZP24 I2C protocol. 112 + * @param: tpm_register, the tpm tis register where the data should be read 113 + * @param: tpm_data, the TPM response 114 + * @param: tpm_size, tpm TPM response size to read. 115 + * @return: number of byte read successfully: should be one if success. 116 + */ 117 + static int read8_reg(struct i2c_client *client, u8 tpm_register, 118 + u8 *tpm_data, int tpm_size) 119 + { 120 + u8 status = 0; 121 + u8 data; 122 + 123 + data = TPM_DUMMY_BYTE; 124 + status = write8_reg(client, tpm_register, &data, 1); 125 + if (status == 2) 126 + status = i2c_master_recv(client, tpm_data, tpm_size); 127 + return status; 128 + } /* read8_reg() */ 129 + 130 + /* 131 + * I2C_WRITE_DATA 132 + * Send byte to the TIS register according to the ST33ZP24 I2C protocol. 133 + * @param: client, the chip description 134 + * @param: tpm_register, the tpm tis register where the data should be written 135 + * @param: tpm_data, the tpm_data to write inside the tpm_register 136 + * @param: tpm_size, The length of the data 137 + * @return: number of byte written successfully: should be one if success. 138 + */ 139 + #define I2C_WRITE_DATA(client, tpm_register, tpm_data, tpm_size) \ 140 + (write8_reg(client, tpm_register | \ 141 + TPM_WRITE_DIRECTION, tpm_data, tpm_size)) 142 + 143 + /* 144 + * I2C_READ_DATA 145 + * Recv byte from the TIS register according to the ST33ZP24 I2C protocol. 146 + * @param: tpm, the chip description 147 + * @param: tpm_register, the tpm tis register where the data should be read 148 + * @param: tpm_data, the TPM response 149 + * @param: tpm_size, tpm TPM response size to read. 150 + * @return: number of byte read successfully: should be one if success. 151 + */ 152 + #define I2C_READ_DATA(client, tpm_register, tpm_data, tpm_size) \ 153 + (read8_reg(client, tpm_register, tpm_data, tpm_size)) 154 + 155 + /* 156 + * clear_interruption 157 + * clear the TPM interrupt register. 158 + * @param: tpm, the chip description 159 + */ 160 + static void clear_interruption(struct i2c_client *client) 161 + { 162 + u8 interrupt; 163 + I2C_READ_DATA(client, TPM_INT_STATUS, &interrupt, 1); 164 + I2C_WRITE_DATA(client, TPM_INT_STATUS, &interrupt, 1); 165 + I2C_READ_DATA(client, TPM_INT_STATUS, &interrupt, 1); 166 + } /* clear_interruption() */ 167 + 168 + /* 169 + * _wait_for_interrupt_serirq_timeout 170 + * @param: tpm, the chip description 171 + * @param: timeout, the timeout of the interrupt 172 + * @return: the status of the interruption. 173 + */ 174 + static long _wait_for_interrupt_serirq_timeout(struct tpm_chip *chip, 175 + unsigned long timeout) 176 + { 177 + long status; 178 + struct i2c_client *client; 179 + struct st33zp24_platform_data *pin_infos; 180 + 181 + client = (struct i2c_client *) TPM_VPRIV(chip); 182 + pin_infos = client->dev.platform_data; 183 + 184 + status = wait_for_completion_interruptible_timeout( 185 + &pin_infos->irq_detection, 186 + timeout); 187 + if (status > 0) 188 + enable_irq(gpio_to_irq(pin_infos->io_serirq)); 189 + gpio_direction_input(pin_infos->io_serirq); 190 + 191 + return status; 192 + } /* wait_for_interrupt_serirq_timeout() */ 193 + 194 + static int wait_for_serirq_timeout(struct tpm_chip *chip, bool condition, 195 + unsigned long timeout) 196 + { 197 + int status = 2; 198 + struct i2c_client *client; 199 + 200 + client = (struct i2c_client *) TPM_VPRIV(chip); 201 + 202 + status = _wait_for_interrupt_serirq_timeout(chip, timeout); 203 + if (!status) { 204 + status = -EBUSY; 205 + } else{ 206 + clear_interruption(client); 207 + if (condition) 208 + status = 1; 209 + } 210 + return status; 211 + } 212 + 213 + /* 214 + * tpm_stm_i2c_cancel, cancel is not implemented. 215 + * @param: chip, the tpm_chip description as specified in driver/char/tpm/tpm.h 216 + */ 217 + static void tpm_stm_i2c_cancel(struct tpm_chip *chip) 218 + { 219 + struct i2c_client *client; 220 + u8 data; 221 + 222 + client = (struct i2c_client *) TPM_VPRIV(chip); 223 + 224 + data = TPM_STS_COMMAND_READY; 225 + I2C_WRITE_DATA(client, TPM_STS, &data, 1); 226 + if (chip->vendor.irq) 227 + wait_for_serirq_timeout(chip, 1, chip->vendor.timeout_a); 228 + } /* tpm_stm_i2c_cancel() */ 229 + 230 + /* 231 + * tpm_stm_spi_status return the TPM_STS register 232 + * @param: chip, the tpm chip description 233 + * @return: the TPM_STS register value. 234 + */ 235 + static u8 tpm_stm_i2c_status(struct tpm_chip *chip) 236 + { 237 + struct i2c_client *client; 238 + u8 data; 239 + client = (struct i2c_client *) TPM_VPRIV(chip); 240 + 241 + I2C_READ_DATA(client, TPM_STS, &data, 1); 242 + return data; 243 + } /* tpm_stm_i2c_status() */ 244 + 245 + 246 + /* 247 + * check_locality if the locality is active 248 + * @param: chip, the tpm chip description 249 + * @return: the active locality or -EACCESS. 250 + */ 251 + static int check_locality(struct tpm_chip *chip) 252 + { 253 + struct i2c_client *client; 254 + u8 data; 255 + u8 status; 256 + 257 + client = (struct i2c_client *) TPM_VPRIV(chip); 258 + 259 + status = I2C_READ_DATA(client, TPM_ACCESS, &data, 1); 260 + if (status && (data & 261 + (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) == 262 + (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) 263 + return chip->vendor.locality; 264 + 265 + return -EACCES; 266 + 267 + } /* check_locality() */ 268 + 269 + /* 270 + * request_locality request the TPM locality 271 + * @param: chip, the chip description 272 + * @return: the active locality or EACCESS. 273 + */ 274 + static int request_locality(struct tpm_chip *chip) 275 + { 276 + unsigned long stop; 277 + long rc; 278 + struct i2c_client *client; 279 + u8 data; 280 + 281 + client = (struct i2c_client *) TPM_VPRIV(chip); 282 + 283 + if (check_locality(chip) == chip->vendor.locality) 284 + return chip->vendor.locality; 285 + 286 + data = TPM_ACCESS_REQUEST_USE; 287 + rc = I2C_WRITE_DATA(client, TPM_ACCESS, &data, 1); 288 + if (rc < 0) 289 + goto end; 290 + 291 + if (chip->vendor.irq) { 292 + rc = wait_for_serirq_timeout(chip, (check_locality 293 + (chip) >= 0), 294 + chip->vendor.timeout_a); 295 + if (rc > 0) 296 + return chip->vendor.locality; 297 + } else{ 298 + stop = jiffies + chip->vendor.timeout_a; 299 + do { 300 + if (check_locality(chip) >= 0) 301 + return chip->vendor.locality; 302 + msleep(TPM_TIMEOUT); 303 + } while (time_before(jiffies, stop)); 304 + } 305 + rc = -EACCES; 306 + end: 307 + return rc; 308 + } /* request_locality() */ 309 + 310 + /* 311 + * release_locality release the active locality 312 + * @param: chip, the tpm chip description. 313 + */ 314 + static void release_locality(struct tpm_chip *chip) 315 + { 316 + struct i2c_client *client; 317 + u8 data; 318 + 319 + client = (struct i2c_client *) TPM_VPRIV(chip); 320 + data = TPM_ACCESS_ACTIVE_LOCALITY; 321 + 322 + I2C_WRITE_DATA(client, TPM_ACCESS, &data, 1); 323 + } 324 + 325 + /* 326 + * get_burstcount return the burstcount address 0x19 0x1A 327 + * @param: chip, the chip description 328 + * return: the burstcount. 329 + */ 330 + static int get_burstcount(struct tpm_chip *chip) 331 + { 332 + unsigned long stop; 333 + int burstcnt, status; 334 + u8 tpm_reg, temp; 335 + 336 + struct i2c_client *client = (struct i2c_client *) TPM_VPRIV(chip); 337 + 338 + stop = jiffies + chip->vendor.timeout_d; 339 + do { 340 + tpm_reg = TPM_STS + 1; 341 + status = I2C_READ_DATA(client, tpm_reg, &temp, 1); 342 + if (status < 0) 343 + goto end; 344 + 345 + tpm_reg = tpm_reg + 1; 346 + burstcnt = temp; 347 + status = I2C_READ_DATA(client, tpm_reg, &temp, 1); 348 + if (status < 0) 349 + goto end; 350 + 351 + burstcnt |= temp << 8; 352 + if (burstcnt) 353 + return burstcnt; 354 + msleep(TPM_TIMEOUT); 355 + } while (time_before(jiffies, stop)); 356 + 357 + end: 358 + return -EBUSY; 359 + } /* get_burstcount() */ 360 + 361 + /* 362 + * wait_for_stat wait for a TPM_STS value 363 + * @param: chip, the tpm chip description 364 + * @param: mask, the value mask to wait 365 + * @param: timeout, the timeout 366 + * @param: queue, the wait queue. 367 + * @return: the tpm status, 0 if success, -ETIME if timeout is reached. 368 + */ 369 + static int wait_for_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, 370 + wait_queue_head_t *queue) 371 + { 372 + unsigned long stop; 373 + long rc; 374 + u8 status; 375 + 376 + if (chip->vendor.irq) { 377 + rc = wait_for_serirq_timeout(chip, ((tpm_stm_i2c_status 378 + (chip) & mask) == 379 + mask), timeout); 380 + if (rc > 0) 381 + return 0; 382 + } else{ 383 + stop = jiffies + timeout; 384 + do { 385 + msleep(TPM_TIMEOUT); 386 + status = tpm_stm_i2c_status(chip); 387 + if ((status & mask) == mask) 388 + return 0; 389 + } while (time_before(jiffies, stop)); 390 + } 391 + return -ETIME; 392 + } /* wait_for_stat() */ 393 + 394 + /* 395 + * recv_data receive data 396 + * @param: chip, the tpm chip description 397 + * @param: buf, the buffer where the data are received 398 + * @param: count, the number of data to receive 399 + * @return: the number of bytes read from TPM FIFO. 400 + */ 401 + static int recv_data(struct tpm_chip *chip, u8 *buf, size_t count) 402 + { 403 + int size = 0, burstcnt, len; 404 + struct i2c_client *client; 405 + 406 + client = (struct i2c_client *) TPM_VPRIV(chip); 407 + 408 + while (size < count && 409 + wait_for_stat(chip, 410 + TPM_STS_DATA_AVAIL | TPM_STS_VALID, 411 + chip->vendor.timeout_c, 412 + &chip->vendor.read_queue) 413 + == 0) { 414 + burstcnt = get_burstcount(chip); 415 + len = min_t(int, burstcnt, count - size); 416 + I2C_READ_DATA(client, TPM_DATA_FIFO, buf + size, len); 417 + size += len; 418 + } 419 + return size; 420 + } 421 + 422 + /* 423 + * tpm_ioserirq_handler the serirq irq handler 424 + * @param: irq, the tpm chip description 425 + * @param: dev_id, the description of the chip 426 + * @return: the status of the handler. 427 + */ 428 + static irqreturn_t tpm_ioserirq_handler(int irq, void *dev_id) 429 + { 430 + struct tpm_chip *chip = dev_id; 431 + struct i2c_client *client; 432 + struct st33zp24_platform_data *pin_infos; 433 + 434 + disable_irq_nosync(irq); 435 + 436 + client = (struct i2c_client *) TPM_VPRIV(chip); 437 + pin_infos = client->dev.platform_data; 438 + 439 + complete(&pin_infos->irq_detection); 440 + return IRQ_HANDLED; 441 + } /* tpm_ioserirq_handler() */ 442 + 443 + 444 + /* 445 + * tpm_stm_i2c_send send TPM commands through the I2C bus. 446 + * 447 + * @param: chip, the tpm_chip description as specified in driver/char/tpm/tpm.h 448 + * @param: buf, the buffer to send. 449 + * @param: count, the number of bytes to send. 450 + * @return: In case of success the number of bytes sent. 451 + * In other case, a < 0 value describing the issue. 452 + */ 453 + static int tpm_stm_i2c_send(struct tpm_chip *chip, unsigned char *buf, 454 + size_t len) 455 + { 456 + u32 status, 457 + burstcnt = 0, i, size; 458 + int ret; 459 + u8 data; 460 + struct i2c_client *client; 461 + 462 + if (chip == NULL) 463 + return -EBUSY; 464 + if (len < TPM_HEADER_SIZE) 465 + return -EBUSY; 466 + 467 + client = (struct i2c_client *)TPM_VPRIV(chip); 468 + 469 + client->flags = 0; 470 + 471 + ret = request_locality(chip); 472 + if (ret < 0) 473 + return ret; 474 + 475 + status = tpm_stm_i2c_status(chip); 476 + if ((status & TPM_STS_COMMAND_READY) == 0) { 477 + tpm_stm_i2c_cancel(chip); 478 + if (wait_for_stat 479 + (chip, TPM_STS_COMMAND_READY, chip->vendor.timeout_b, 480 + &chip->vendor.int_queue) < 0) { 481 + ret = -ETIME; 482 + goto out_err; 483 + } 484 + } 485 + 486 + for (i = 0 ; i < len - 1 ;) { 487 + burstcnt = get_burstcount(chip); 488 + size = min_t(int, len - i - 1, burstcnt); 489 + ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf, size); 490 + if (ret < 0) 491 + goto out_err; 492 + 493 + i += size; 494 + } 495 + 496 + status = tpm_stm_i2c_status(chip); 497 + if ((status & TPM_STS_DATA_EXPECT) == 0) { 498 + ret = -EIO; 499 + goto out_err; 500 + } 501 + 502 + ret = I2C_WRITE_DATA(client, TPM_DATA_FIFO, buf + len - 1, 1); 503 + if (ret < 0) 504 + goto out_err; 505 + 506 + status = tpm_stm_i2c_status(chip); 507 + if ((status & TPM_STS_DATA_EXPECT) != 0) { 508 + ret = -EIO; 509 + goto out_err; 510 + } 511 + 512 + data = TPM_STS_GO; 513 + I2C_WRITE_DATA(client, TPM_STS, &data, 1); 514 + 515 + return len; 516 + out_err: 517 + tpm_stm_i2c_cancel(chip); 518 + release_locality(chip); 519 + return ret; 520 + } 521 + 522 + /* 523 + * tpm_stm_i2c_recv received TPM response through the I2C bus. 524 + * @param: chip, the tpm_chip description as specified in driver/char/tpm/tpm.h. 525 + * @param: buf, the buffer to store datas. 526 + * @param: count, the number of bytes to send. 527 + * @return: In case of success the number of bytes received. 528 + * In other case, a < 0 value describing the issue. 529 + */ 530 + static int tpm_stm_i2c_recv(struct tpm_chip *chip, unsigned char *buf, 531 + size_t count) 532 + { 533 + int size = 0; 534 + int expected; 535 + 536 + if (chip == NULL) 537 + return -EBUSY; 538 + 539 + if (count < TPM_HEADER_SIZE) { 540 + size = -EIO; 541 + goto out; 542 + } 543 + 544 + size = recv_data(chip, buf, TPM_HEADER_SIZE); 545 + if (size < TPM_HEADER_SIZE) { 546 + dev_err(chip->dev, "Unable to read header\n"); 547 + goto out; 548 + } 549 + 550 + expected = be32_to_cpu(*(__be32 *) (buf + 2)); 551 + if (expected > count) { 552 + size = -EIO; 553 + goto out; 554 + } 555 + 556 + size += recv_data(chip, &buf[TPM_HEADER_SIZE], 557 + expected - TPM_HEADER_SIZE); 558 + if (size < expected) { 559 + dev_err(chip->dev, "Unable to read remainder of result\n"); 560 + size = -ETIME; 561 + goto out; 562 + } 563 + 564 + out: 565 + chip->vendor.cancel(chip); 566 + release_locality(chip); 567 + return size; 568 + } 569 + 570 + static bool tpm_st33_i2c_req_canceled(struct tpm_chip *chip, u8 status) 571 + { 572 + return (status == TPM_STS_COMMAND_READY); 573 + } 574 + 575 + static const struct file_operations tpm_st33_i2c_fops = { 576 + .owner = THIS_MODULE, 577 + .llseek = no_llseek, 578 + .read = tpm_read, 579 + .write = tpm_write, 580 + .open = tpm_open, 581 + .release = tpm_release, 582 + }; 583 + 584 + static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL); 585 + static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL); 586 + static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL); 587 + static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL); 588 + static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL); 589 + static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL); 590 + static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); 591 + static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 592 + 593 + static struct attribute *stm_tpm_attrs[] = { 594 + &dev_attr_pubek.attr, 595 + &dev_attr_pcrs.attr, 596 + &dev_attr_enabled.attr, 597 + &dev_attr_active.attr, 598 + &dev_attr_owned.attr, 599 + &dev_attr_temp_deactivated.attr, 600 + &dev_attr_caps.attr, 601 + &dev_attr_cancel.attr, NULL, 602 + }; 603 + 604 + static struct attribute_group stm_tpm_attr_grp = { 605 + .attrs = stm_tpm_attrs 606 + }; 607 + 608 + static struct tpm_vendor_specific st_i2c_tpm = { 609 + .send = tpm_stm_i2c_send, 610 + .recv = tpm_stm_i2c_recv, 611 + .cancel = tpm_stm_i2c_cancel, 612 + .status = tpm_stm_i2c_status, 613 + .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 614 + .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 615 + .req_canceled = tpm_st33_i2c_req_canceled, 616 + .attr_group = &stm_tpm_attr_grp, 617 + .miscdev = {.fops = &tpm_st33_i2c_fops,}, 618 + }; 619 + 620 + static int interrupts ; 621 + module_param(interrupts, int, 0444); 622 + MODULE_PARM_DESC(interrupts, "Enable interrupts"); 623 + 624 + static int power_mgt = 1; 625 + module_param(power_mgt, int, 0444); 626 + MODULE_PARM_DESC(power_mgt, "Power Management"); 627 + 628 + /* 629 + * tpm_st33_i2c_probe initialize the TPM device 630 + * @param: client, the i2c_client drescription (TPM I2C description). 631 + * @param: id, the i2c_device_id struct. 632 + * @return: 0 in case of success. 633 + * -1 in other case. 634 + */ 635 + static int 636 + tpm_st33_i2c_probe(struct i2c_client *client, const struct i2c_device_id *id) 637 + { 638 + int err; 639 + u8 intmask; 640 + struct tpm_chip *chip; 641 + struct st33zp24_platform_data *platform_data; 642 + 643 + if (client == NULL) { 644 + pr_info("%s: i2c client is NULL. Device not accessible.\n", 645 + __func__); 646 + err = -ENODEV; 647 + goto end; 648 + } 649 + 650 + if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 651 + dev_info(&client->dev, "client not i2c capable\n"); 652 + err = -ENODEV; 653 + goto end; 654 + } 655 + 656 + chip = tpm_register_hardware(&client->dev, &st_i2c_tpm); 657 + if (!chip) { 658 + dev_info(&client->dev, "fail chip\n"); 659 + err = -ENODEV; 660 + goto end; 661 + } 662 + 663 + platform_data = client->dev.platform_data; 664 + 665 + if (!platform_data) { 666 + dev_info(&client->dev, "chip not available\n"); 667 + err = -ENODEV; 668 + goto _tpm_clean_answer; 669 + } 670 + 671 + platform_data->tpm_i2c_buffer[0] = 672 + kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); 673 + if (platform_data->tpm_i2c_buffer[0] == NULL) { 674 + err = -ENOMEM; 675 + goto _tpm_clean_answer; 676 + } 677 + platform_data->tpm_i2c_buffer[1] = 678 + kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL); 679 + if (platform_data->tpm_i2c_buffer[1] == NULL) { 680 + err = -ENOMEM; 681 + goto _tpm_clean_response1; 682 + } 683 + 684 + TPM_VPRIV(chip) = client; 685 + 686 + chip->vendor.timeout_a = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 687 + chip->vendor.timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT); 688 + chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 689 + chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 690 + 691 + chip->vendor.locality = LOCALITY0; 692 + 693 + if (power_mgt) { 694 + err = gpio_request(platform_data->io_lpcpd, "TPM IO_LPCPD"); 695 + if (err) 696 + goto _gpio_init1; 697 + gpio_set_value(platform_data->io_lpcpd, 1); 698 + } 699 + 700 + if (interrupts) { 701 + init_completion(&platform_data->irq_detection); 702 + if (request_locality(chip) != LOCALITY0) { 703 + err = -ENODEV; 704 + goto _tpm_clean_response2; 705 + } 706 + err = gpio_request(platform_data->io_serirq, "TPM IO_SERIRQ"); 707 + if (err) 708 + goto _gpio_init2; 709 + 710 + clear_interruption(client); 711 + err = request_irq(gpio_to_irq(platform_data->io_serirq), 712 + &tpm_ioserirq_handler, 713 + IRQF_TRIGGER_HIGH, 714 + "TPM SERIRQ management", chip); 715 + if (err < 0) { 716 + dev_err(chip->dev , "TPM SERIRQ signals %d not available\n", 717 + gpio_to_irq(platform_data->io_serirq)); 718 + goto _irq_set; 719 + } 720 + 721 + err = I2C_READ_DATA(client, TPM_INT_ENABLE, &intmask, 1); 722 + if (err < 0) 723 + goto _irq_set; 724 + 725 + intmask |= TPM_INTF_CMD_READY_INT 726 + | TPM_INTF_FIFO_AVALAIBLE_INT 727 + | TPM_INTF_WAKE_UP_READY_INT 728 + | TPM_INTF_LOCALITY_CHANGE_INT 729 + | TPM_INTF_STS_VALID_INT 730 + | TPM_INTF_DATA_AVAIL_INT; 731 + 732 + err = I2C_WRITE_DATA(client, TPM_INT_ENABLE, &intmask, 1); 733 + if (err < 0) 734 + goto _irq_set; 735 + 736 + intmask = TPM_GLOBAL_INT_ENABLE; 737 + err = I2C_WRITE_DATA(client, (TPM_INT_ENABLE + 3), &intmask, 1); 738 + if (err < 0) 739 + goto _irq_set; 740 + 741 + err = I2C_READ_DATA(client, TPM_INT_STATUS, &intmask, 1); 742 + if (err < 0) 743 + goto _irq_set; 744 + 745 + chip->vendor.irq = interrupts; 746 + 747 + tpm_gen_interrupt(chip); 748 + } 749 + 750 + tpm_get_timeouts(chip); 751 + 752 + i2c_set_clientdata(client, chip); 753 + 754 + dev_info(chip->dev, "TPM I2C Initialized\n"); 755 + return 0; 756 + _irq_set: 757 + free_irq(gpio_to_irq(platform_data->io_serirq), (void *) chip); 758 + _gpio_init2: 759 + if (interrupts) 760 + gpio_free(platform_data->io_serirq); 761 + _gpio_init1: 762 + if (power_mgt) 763 + gpio_free(platform_data->io_lpcpd); 764 + _tpm_clean_response2: 765 + kzfree(platform_data->tpm_i2c_buffer[1]); 766 + platform_data->tpm_i2c_buffer[1] = NULL; 767 + _tpm_clean_response1: 768 + kzfree(platform_data->tpm_i2c_buffer[0]); 769 + platform_data->tpm_i2c_buffer[0] = NULL; 770 + _tpm_clean_answer: 771 + tpm_remove_hardware(chip->dev); 772 + end: 773 + pr_info("TPM I2C initialisation fail\n"); 774 + return err; 775 + } 776 + 777 + /* 778 + * tpm_st33_i2c_remove remove the TPM device 779 + * @param: client, the i2c_client drescription (TPM I2C description). 780 + clear_bit(0, &chip->is_open); 781 + * @return: 0 in case of success. 782 + */ 783 + static int tpm_st33_i2c_remove(struct i2c_client *client) 784 + { 785 + struct tpm_chip *chip = (struct tpm_chip *)i2c_get_clientdata(client); 786 + struct st33zp24_platform_data *pin_infos = 787 + ((struct i2c_client *) TPM_VPRIV(chip))->dev.platform_data; 788 + 789 + if (pin_infos != NULL) { 790 + free_irq(pin_infos->io_serirq, chip); 791 + 792 + gpio_free(pin_infos->io_serirq); 793 + gpio_free(pin_infos->io_lpcpd); 794 + 795 + tpm_remove_hardware(chip->dev); 796 + 797 + if (pin_infos->tpm_i2c_buffer[1] != NULL) { 798 + kzfree(pin_infos->tpm_i2c_buffer[1]); 799 + pin_infos->tpm_i2c_buffer[1] = NULL; 800 + } 801 + if (pin_infos->tpm_i2c_buffer[0] != NULL) { 802 + kzfree(pin_infos->tpm_i2c_buffer[0]); 803 + pin_infos->tpm_i2c_buffer[0] = NULL; 804 + } 805 + } 806 + 807 + return 0; 808 + } 809 + 810 + #ifdef CONFIG_PM_SLEEP 811 + /* 812 + * tpm_st33_i2c_pm_suspend suspend the TPM device 813 + * Added: Work around when suspend and no tpm application is running, suspend 814 + * may fail because chip->data_buffer is not set (only set in tpm_open in Linux 815 + * TPM core) 816 + * @param: client, the i2c_client drescription (TPM I2C description). 817 + * @param: mesg, the power management message. 818 + * @return: 0 in case of success. 819 + */ 820 + static int tpm_st33_i2c_pm_suspend(struct device *dev) 821 + { 822 + struct tpm_chip *chip = dev_get_drvdata(dev); 823 + struct st33zp24_platform_data *pin_infos = dev->platform_data; 824 + int ret = 0; 825 + 826 + if (power_mgt) 827 + gpio_set_value(pin_infos->io_lpcpd, 0); 828 + else{ 829 + if (chip->data_buffer == NULL) 830 + chip->data_buffer = pin_infos->tpm_i2c_buffer[0]; 831 + ret = tpm_pm_suspend(dev); 832 + } 833 + return ret; 834 + } /* tpm_st33_i2c_suspend() */ 835 + 836 + /* 837 + * tpm_st33_i2c_pm_resume resume the TPM device 838 + * @param: client, the i2c_client drescription (TPM I2C description). 839 + * @return: 0 in case of success. 840 + */ 841 + static int tpm_st33_i2c_pm_resume(struct device *dev) 842 + { 843 + struct tpm_chip *chip = dev_get_drvdata(dev); 844 + struct st33zp24_platform_data *pin_infos = dev->platform_data; 845 + 846 + int ret = 0; 847 + 848 + if (power_mgt) { 849 + gpio_set_value(pin_infos->io_lpcpd, 1); 850 + ret = wait_for_serirq_timeout(chip, 851 + (chip->vendor.status(chip) & 852 + TPM_STS_VALID) == TPM_STS_VALID, 853 + chip->vendor.timeout_b); 854 + } else{ 855 + if (chip->data_buffer == NULL) 856 + chip->data_buffer = pin_infos->tpm_i2c_buffer[0]; 857 + ret = tpm_pm_resume(dev); 858 + if (!ret) 859 + tpm_do_selftest(chip); 860 + } 861 + return ret; 862 + } /* tpm_st33_i2c_pm_resume() */ 863 + #endif 864 + 865 + static const struct i2c_device_id tpm_st33_i2c_id[] = { 866 + {TPM_ST33_I2C, 0}, 867 + {} 868 + }; 869 + MODULE_DEVICE_TABLE(i2c, tpm_st33_i2c_id); 870 + static SIMPLE_DEV_PM_OPS(tpm_st33_i2c_ops, tpm_st33_i2c_pm_suspend, tpm_st33_i2c_pm_resume); 871 + static struct i2c_driver tpm_st33_i2c_driver = { 872 + .driver = { 873 + .owner = THIS_MODULE, 874 + .name = TPM_ST33_I2C, 875 + .pm = &tpm_st33_i2c_ops, 876 + }, 877 + .probe = tpm_st33_i2c_probe, 878 + .remove = tpm_st33_i2c_remove, 879 + .id_table = tpm_st33_i2c_id 880 + }; 881 + 882 + module_i2c_driver(tpm_st33_i2c_driver); 883 + 884 + MODULE_AUTHOR("Christophe Ricard (tpmsupport@st.com)"); 885 + MODULE_DESCRIPTION("STM TPM I2C ST33 Driver"); 886 + MODULE_VERSION("1.2.0"); 887 + MODULE_LICENSE("GPL");

+61

drivers/char/tpm/tpm_i2c_stm_st33.h

··· 1 + /* 2 + * STMicroelectronics TPM I2C Linux driver for TPM ST33ZP24 3 + * Copyright (C) 2009, 2010 STMicroelectronics 4 + * 5 + * This program is free software; you can redistribute it and/or modify 6 + * it under the terms of the GNU General Public License as published by 7 + * the Free Software Foundation; either version 2 of the License, or 8 + * (at your option) any later version. 9 + * 10 + * This program is distributed in the hope that it will be useful, 11 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 + * GNU General Public License for more details. 14 + * 15 + * You should have received a copy of the GNU General Public License along 16 + * with this program; if not, write to the Free Software Foundation, Inc., 17 + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 + * 19 + * STMicroelectronics version 1.2.0, Copyright (C) 2010 20 + * STMicroelectronics comes with ABSOLUTELY NO WARRANTY. 21 + * This is free software, and you are welcome to redistribute it 22 + * under certain conditions. 23 + * 24 + * @Author: Christophe RICARD tpmsupport@st.com 25 + * 26 + * @File: stm_st33_tpm_i2c.h 27 + * 28 + * @Date: 09/15/2010 29 + */ 30 + #ifndef __STM_ST33_TPM_I2C_MAIN_H__ 31 + #define __STM_ST33_TPM_I2C_MAIN_H__ 32 + 33 + #define TPM_ACCESS (0x0) 34 + #define TPM_STS (0x18) 35 + #define TPM_HASH_END (0x20) 36 + #define TPM_DATA_FIFO (0x24) 37 + #define TPM_HASH_DATA (0x24) 38 + #define TPM_HASH_START (0x28) 39 + #define TPM_INTF_CAPABILITY (0x14) 40 + #define TPM_INT_STATUS (0x10) 41 + #define TPM_INT_ENABLE (0x08) 42 + 43 + #define TPM_DUMMY_BYTE 0xAA 44 + #define TPM_WRITE_DIRECTION 0x80 45 + #define TPM_HEADER_SIZE 10 46 + #define TPM_BUFSIZE 2048 47 + 48 + #define LOCALITY0 0 49 + 50 + #define TPM_ST33_I2C "st33zp24_i2c" 51 + 52 + struct st33zp24_platform_data { 53 + int io_serirq; 54 + int io_lpcpd; 55 + struct i2c_client *client; 56 + u8 *tpm_i2c_buffer[2]; /* 0 Request 1 Response */ 57 + struct completion irq_detection; 58 + struct mutex lock; 59 + }; 60 + 61 + #endif /* __STM_ST33_TPM_I2C_MAIN_H__ */

+10 -5

drivers/char/tpm/tpm_ibmvtpm.c

··· 64 64 { 65 65 struct tpm_chip *chip = dev_get_drvdata(dev); 66 66 if (chip) 67 - return (struct ibmvtpm_dev *)chip->vendor.data; 67 + return (struct ibmvtpm_dev *)TPM_VPRIV(chip); 68 68 return NULL; 69 69 } 70 70 ··· 83 83 u16 len; 84 84 int sig; 85 85 86 - ibmvtpm = (struct ibmvtpm_dev *)chip->vendor.data; 86 + ibmvtpm = (struct ibmvtpm_dev *)TPM_VPRIV(chip); 87 87 88 88 if (!ibmvtpm->rtce_buf) { 89 89 dev_err(ibmvtpm->dev, "ibmvtpm device is not ready\n"); ··· 127 127 u64 *word = (u64 *) &crq; 128 128 int rc; 129 129 130 - ibmvtpm = (struct ibmvtpm_dev *)chip->vendor.data; 130 + ibmvtpm = (struct ibmvtpm_dev *)TPM_VPRIV(chip); 131 131 132 132 if (!ibmvtpm->rtce_buf) { 133 133 dev_err(ibmvtpm->dev, "ibmvtpm device is not ready\n"); ··· 398 398 return rc; 399 399 } 400 400 401 + static bool tpm_ibmvtpm_req_canceled(struct tpm_chip *chip, u8 status) 402 + { 403 + return (status == 0); 404 + } 405 + 401 406 static const struct file_operations ibmvtpm_ops = { 402 407 .owner = THIS_MODULE, 403 408 .llseek = no_llseek, ··· 446 441 .status = tpm_ibmvtpm_status, 447 442 .req_complete_mask = 0, 448 443 .req_complete_val = 0, 449 - .req_canceled = 0, 444 + .req_canceled = tpm_ibmvtpm_req_canceled, 450 445 .attr_group = &ibmvtpm_attr_grp, 451 446 .miscdev = { .fops = &ibmvtpm_ops, }, 452 447 }; ··· 652 647 653 648 ibmvtpm->dev = dev; 654 649 ibmvtpm->vdev = vio_dev; 655 - chip->vendor.data = (void *)ibmvtpm; 650 + TPM_VPRIV(chip) = (void *)ibmvtpm; 656 651 657 652 spin_lock_init(&ibmvtpm->rtce_lock); 658 653

+6 -1

drivers/char/tpm/tpm_nsc.c

··· 227 227 return inb(chip->vendor.base + NSC_STATUS); 228 228 } 229 229 230 + static bool tpm_nsc_req_canceled(struct tpm_chip *chip, u8 status) 231 + { 232 + return (status == NSC_STATUS_RDY); 233 + } 234 + 230 235 static const struct file_operations nsc_ops = { 231 236 .owner = THIS_MODULE, 232 237 .llseek = no_llseek, ··· 263 258 .status = tpm_nsc_status, 264 259 .req_complete_mask = NSC_STATUS_OBF, 265 260 .req_complete_val = NSC_STATUS_OBF, 266 - .req_canceled = NSC_STATUS_RDY, 261 + .req_canceled = tpm_nsc_req_canceled, 267 262 .attr_group = &nsc_attr_grp, 268 263 .miscdev = { .fops = &nsc_ops, }, 269 264 };

+51 -13

drivers/char/tpm/tpm_tis.c

··· 84 84 struct acpi_device *acpi = pnp_acpi_device(dev); 85 85 struct acpi_hardware_id *id; 86 86 87 + if (!acpi) 88 + return 0; 89 + 87 90 list_for_each_entry(id, &acpi->pnp.ids, list) { 88 91 if (!strcmp("INTC0102", id->id)) 89 92 return 1; ··· 100 97 return 0; 101 98 } 102 99 #endif 100 + 101 + /* Before we attempt to access the TPM we must see that the valid bit is set. 102 + * The specification says that this bit is 0 at reset and remains 0 until the 103 + * 'TPM has gone through its self test and initialization and has established 104 + * correct values in the other bits.' */ 105 + static int wait_startup(struct tpm_chip *chip, int l) 106 + { 107 + unsigned long stop = jiffies + chip->vendor.timeout_a; 108 + do { 109 + if (ioread8(chip->vendor.iobase + TPM_ACCESS(l)) & 110 + TPM_ACCESS_VALID) 111 + return 0; 112 + msleep(TPM_TIMEOUT); 113 + } while (time_before(jiffies, stop)); 114 + return -1; 115 + } 103 116 104 117 static int check_locality(struct tpm_chip *chip, int l) 105 118 { ··· 217 198 wait_for_tpm_stat(chip, 218 199 TPM_STS_DATA_AVAIL | TPM_STS_VALID, 219 200 chip->vendor.timeout_c, 220 - &chip->vendor.read_queue) 201 + &chip->vendor.read_queue, true) 221 202 == 0) { 222 203 burstcnt = get_burstcount(chip); 223 204 for (; burstcnt > 0 && size < count; burstcnt--) ··· 260 241 } 261 242 262 243 wait_for_tpm_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c, 263 - &chip->vendor.int_queue); 244 + &chip->vendor.int_queue, false); 264 245 status = tpm_tis_status(chip); 265 246 if (status & TPM_STS_DATA_AVAIL) { /* retry? */ 266 247 dev_err(chip->dev, "Error left over data\n"); ··· 296 277 tpm_tis_ready(chip); 297 278 if (wait_for_tpm_stat 298 279 (chip, TPM_STS_COMMAND_READY, chip->vendor.timeout_b, 299 - &chip->vendor.int_queue) < 0) { 280 + &chip->vendor.int_queue, false) < 0) { 300 281 rc = -ETIME; 301 282 goto out_err; 302 283 } ··· 311 292 } 312 293 313 294 wait_for_tpm_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c, 314 - &chip->vendor.int_queue); 295 + &chip->vendor.int_queue, false); 315 296 status = tpm_tis_status(chip); 316 297 if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) { 317 298 rc = -EIO; ··· 323 304 iowrite8(buf[count], 324 305 chip->vendor.iobase + TPM_DATA_FIFO(chip->vendor.locality)); 325 306 wait_for_tpm_stat(chip, TPM_STS_VALID, chip->vendor.timeout_c, 326 - &chip->vendor.int_queue); 307 + &chip->vendor.int_queue, false); 327 308 status = tpm_tis_status(chip); 328 309 if ((status & TPM_STS_DATA_EXPECT) != 0) { 329 310 rc = -EIO; ··· 361 342 if (wait_for_tpm_stat 362 343 (chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, 363 344 tpm_calc_ordinal_duration(chip, ordinal), 364 - &chip->vendor.read_queue) < 0) { 345 + &chip->vendor.read_queue, false) < 0) { 365 346 rc = -ETIME; 366 347 goto out_err; 367 348 } ··· 393 374 if (vendor != TPM_VID_INTEL) 394 375 return 0; 395 376 396 - itpm = 0; 377 + itpm = false; 397 378 398 379 rc = tpm_tis_send_data(chip, cmd_getticks, len); 399 380 if (rc == 0) ··· 402 383 tpm_tis_ready(chip); 403 384 release_locality(chip, chip->vendor.locality, 0); 404 385 405 - itpm = 1; 386 + itpm = true; 406 387 407 388 rc = tpm_tis_send_data(chip, cmd_getticks, len); 408 389 if (rc == 0) { ··· 417 398 release_locality(chip, chip->vendor.locality, 0); 418 399 419 400 return rc; 401 + } 402 + 403 + static bool tpm_tis_req_canceled(struct tpm_chip *chip, u8 status) 404 + { 405 + switch (chip->vendor.manufacturer_id) { 406 + case TPM_VID_WINBOND: 407 + return ((status == TPM_STS_VALID) || 408 + (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY))); 409 + case TPM_VID_STM: 410 + return (status == (TPM_STS_VALID | TPM_STS_COMMAND_READY)); 411 + default: 412 + return (status == TPM_STS_COMMAND_READY); 413 + } 420 414 } 421 415 422 416 static const struct file_operations tis_ops = { ··· 477 445 .cancel = tpm_tis_ready, 478 446 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 479 447 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID, 480 - .req_canceled = TPM_STS_COMMAND_READY, 448 + .req_canceled = tpm_tis_req_canceled, 481 449 .attr_group = &tis_attr_grp, 482 450 .miscdev = { 483 451 .fops = &tis_ops,}, ··· 534 502 return IRQ_HANDLED; 535 503 } 536 504 537 - static bool interrupts = 1; 505 + static bool interrupts = true; 538 506 module_param(interrupts, bool, 0444); 539 507 MODULE_PARM_DESC(interrupts, "Enable interrupts"); 540 508 ··· 560 528 chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 561 529 chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT); 562 530 531 + if (wait_startup(chip, 0) != 0) { 532 + rc = -ENODEV; 533 + goto out_err; 534 + } 535 + 563 536 if (request_locality(chip, 0) != 0) { 564 537 rc = -ENODEV; 565 538 goto out_err; 566 539 } 567 540 568 541 vendor = ioread32(chip->vendor.iobase + TPM_DID_VID(0)); 542 + chip->vendor.manufacturer_id = vendor; 569 543 570 544 dev_info(dev, 571 545 "1.2 TPM (device-id 0x%X, rev-id %d)\n", ··· 583 545 rc = -ENODEV; 584 546 goto out_err; 585 547 } 586 - itpm = (probe == 0) ? 0 : 1; 548 + itpm = !!probe; 587 549 } 588 550 589 551 if (itpm) ··· 779 741 if (pnp_irq_valid(pnp_dev, 0)) 780 742 irq = pnp_irq(pnp_dev, 0); 781 743 else 782 - interrupts = 0; 744 + interrupts = false; 783 745 784 746 if (is_itpm(pnp_dev)) 785 - itpm = 1; 747 + itpm = true; 786 748 787 749 return tpm_tis_init(&pnp_dev->dev, start, len, irq); 788 750 }

+14 -27

lib/digsig.c

··· 30 30 31 31 static struct crypto_shash *shash; 32 32 33 - static int pkcs_1_v1_5_decode_emsa(const unsigned char *msg, 34 - unsigned long msglen, 35 - unsigned long modulus_bitlen, 36 - unsigned char *out, 37 - unsigned long *outlen) 33 + static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg, 34 + unsigned long msglen, 35 + unsigned long modulus_bitlen, 36 + unsigned long *outlen) 38 37 { 39 38 unsigned long modulus_len, ps_len, i; 40 39 ··· 41 42 42 43 /* test message size */ 43 44 if ((msglen > modulus_len) || (modulus_len < 11)) 44 - return -EINVAL; 45 + return NULL; 45 46 46 47 /* separate encoded message */ 47 - if ((msg[0] != 0x00) || (msg[1] != (unsigned char)1)) 48 - return -EINVAL; 48 + if (msg[0] != 0x00 || msg[1] != 0x01) 49 + return NULL; 49 50 50 51 for (i = 2; i < modulus_len - 1; i++) 51 52 if (msg[i] != 0xFF) ··· 55 56 if (msg[i] != 0) 56 57 /* There was no octet with hexadecimal value 0x00 57 58 to separate ps from m. */ 58 - return -EINVAL; 59 + return NULL; 59 60 60 61 ps_len = i - 2; 61 62 62 - if (*outlen < (msglen - (2 + ps_len + 1))) { 63 - *outlen = msglen - (2 + ps_len + 1); 64 - return -EOVERFLOW; 65 - } 66 - 67 63 *outlen = (msglen - (2 + ps_len + 1)); 68 - memcpy(out, &msg[2 + ps_len + 1], *outlen); 69 64 70 - return 0; 65 + return msg + 2 + ps_len + 1; 71 66 } 72 67 73 68 /* ··· 76 83 unsigned long mlen, mblen; 77 84 unsigned nret, l; 78 85 int head, i; 79 - unsigned char *out1 = NULL, *out2 = NULL; 86 + unsigned char *out1 = NULL; 87 + const char *m; 80 88 MPI in = NULL, res = NULL, pkey[2]; 81 89 uint8_t *p, *datap, *endp; 82 90 struct user_key_payload *ukp; ··· 114 120 } 115 121 116 122 mblen = mpi_get_nbits(pkey[0]); 117 - mlen = (mblen + 7)/8; 123 + mlen = DIV_ROUND_UP(mblen, 8); 118 124 119 125 if (mlen == 0) 120 126 goto err; 121 127 122 128 out1 = kzalloc(mlen, GFP_KERNEL); 123 129 if (!out1) 124 - goto err; 125 - 126 - out2 = kzalloc(mlen, GFP_KERNEL); 127 - if (!out2) 128 130 goto err; 129 131 130 132 nret = siglen; ··· 154 164 155 165 kfree(p); 156 166 157 - err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); 158 - if (err) 159 - goto err; 167 + m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); 160 168 161 - if (len != hlen || memcmp(out2, h, hlen)) 169 + if (!m || len != hlen || memcmp(m, h, hlen)) 162 170 err = -EINVAL; 163 171 164 172 err: 165 173 mpi_free(in); 166 174 mpi_free(res); 167 175 kfree(out1); 168 - kfree(out2); 169 176 while (--i >= 0) 170 177 mpi_free(pkey[i]); 171 178 err1:

-4

lib/mpi/mpi-internal.h

··· 65 65 typedef mpi_limb_t *mpi_ptr_t; /* pointer to a limb */ 66 66 typedef int mpi_size_t; /* (must be a signed type) */ 67 67 68 - #define ABS(x) (x >= 0 ? x : -x) 69 - #define MIN(l, o) ((l) < (o) ? (l) : (o)) 70 - #define MAX(h, i) ((h) > (i) ? (h) : (i)) 71 - 72 68 static inline int RESIZE_IF_NEEDED(MPI a, unsigned b) 73 69 { 74 70 if (a->alloced < b)

+4 -4

lib/mpi/mpicoder.c

··· 52 52 else 53 53 nbits = 0; 54 54 55 - nlimbs = (nbytes + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB; 55 + nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); 56 56 val = mpi_alloc(nlimbs); 57 57 if (!val) 58 58 return NULL; ··· 96 96 buffer += 2; 97 97 nread = 2; 98 98 99 - nbytes = (nbits + 7) / 8; 100 - nlimbs = (nbytes + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB; 99 + nbytes = DIV_ROUND_UP(nbits, 8); 100 + nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); 101 101 val = mpi_alloc(nlimbs); 102 102 if (!val) 103 103 return NULL; ··· 193 193 int nlimbs; 194 194 int i; 195 195 196 - nlimbs = (nbytes + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB; 196 + nlimbs = DIV_ROUND_UP(nbytes, BYTES_PER_MPI_LIMB); 197 197 if (RESIZE_IF_NEEDED(a, nlimbs) < 0) 198 198 return -ENOMEM; 199 199 a->sign = sign;

+12

security/integrity/Kconfig

··· 17 17 This is useful for evm and module keyrings, when keys are 18 18 usually only added from initramfs. 19 19 20 + config INTEGRITY_ASYMMETRIC_KEYS 21 + boolean "Enable asymmetric keys support" 22 + depends on INTEGRITY_SIGNATURE 23 + default n 24 + select ASYMMETRIC_KEY_TYPE 25 + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 26 + select PUBLIC_KEY_ALGO_RSA 27 + select X509_CERTIFICATE_PARSER 28 + help 29 + This option enables digital signature verification using 30 + asymmetric keys. 31 + 20 32 source security/integrity/ima/Kconfig 21 33 source security/integrity/evm/Kconfig

+1

security/integrity/Makefile

··· 4 4 5 5 obj-$(CONFIG_INTEGRITY) += integrity.o 6 6 obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o 7 + obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o 7 8 8 9 integrity-y := iint.o 9 10

+10 -1

security/integrity/digsig.c

··· 44 44 } 45 45 } 46 46 47 - return digsig_verify(keyring[id], sig, siglen, digest, digestlen); 47 + switch (sig[0]) { 48 + case 1: 49 + return digsig_verify(keyring[id], sig, siglen, 50 + digest, digestlen); 51 + case 2: 52 + return asymmetric_verify(keyring[id], sig, siglen, 53 + digest, digestlen); 54 + } 55 + 56 + return -EOPNOTSUPP; 48 57 }

+115

security/integrity/digsig_asymmetric.c

··· 1 + /* 2 + * Copyright (C) 2013 Intel Corporation 3 + * 4 + * Author: 5 + * Dmitry Kasatkin <dmitry.kasatkin@intel.com> 6 + * 7 + * This program is free software; you can redistribute it and/or modify 8 + * it under the terms of the GNU General Public License as published by 9 + * the Free Software Foundation, version 2 of the License. 10 + * 11 + */ 12 + 13 + #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 + 15 + #include <linux/err.h> 16 + #include <linux/key-type.h> 17 + #include <crypto/public_key.h> 18 + #include <keys/asymmetric-type.h> 19 + 20 + #include "integrity.h" 21 + 22 + /* 23 + * signature format v2 - for using with asymmetric keys 24 + */ 25 + struct signature_v2_hdr { 26 + uint8_t version; /* signature format version */ 27 + uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */ 28 + uint32_t keyid; /* IMA key identifier - not X509/PGP specific*/ 29 + uint16_t sig_size; /* signature size */ 30 + uint8_t sig[0]; /* signature payload */ 31 + } __packed; 32 + 33 + /* 34 + * Request an asymmetric key. 35 + */ 36 + static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) 37 + { 38 + struct key *key; 39 + char name[12]; 40 + 41 + sprintf(name, "id:%x", keyid); 42 + 43 + pr_debug("key search: \"%s\"\n", name); 44 + 45 + if (keyring) { 46 + /* search in specific keyring */ 47 + key_ref_t kref; 48 + kref = keyring_search(make_key_ref(keyring, 1), 49 + &key_type_asymmetric, name); 50 + if (IS_ERR(kref)) 51 + key = ERR_CAST(kref); 52 + else 53 + key = key_ref_to_ptr(kref); 54 + } else { 55 + key = request_key(&key_type_asymmetric, name, NULL); 56 + } 57 + 58 + if (IS_ERR(key)) { 59 + pr_warn("Request for unknown key '%s' err %ld\n", 60 + name, PTR_ERR(key)); 61 + switch (PTR_ERR(key)) { 62 + /* Hide some search errors */ 63 + case -EACCES: 64 + case -ENOTDIR: 65 + case -EAGAIN: 66 + return ERR_PTR(-ENOKEY); 67 + default: 68 + return key; 69 + } 70 + } 71 + 72 + pr_debug("%s() = 0 [%x]\n", __func__, key_serial(key)); 73 + 74 + return key; 75 + } 76 + 77 + int asymmetric_verify(struct key *keyring, const char *sig, 78 + int siglen, const char *data, int datalen) 79 + { 80 + struct public_key_signature pks; 81 + struct signature_v2_hdr *hdr = (struct signature_v2_hdr *)sig; 82 + struct key *key; 83 + int ret = -ENOMEM; 84 + 85 + if (siglen <= sizeof(*hdr)) 86 + return -EBADMSG; 87 + 88 + siglen -= sizeof(*hdr); 89 + 90 + if (siglen != __be16_to_cpu(hdr->sig_size)) 91 + return -EBADMSG; 92 + 93 + if (hdr->hash_algo >= PKEY_HASH__LAST) 94 + return -ENOPKG; 95 + 96 + key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid)); 97 + if (IS_ERR(key)) 98 + return PTR_ERR(key); 99 + 100 + memset(&pks, 0, sizeof(pks)); 101 + 102 + pks.pkey_hash_algo = hdr->hash_algo; 103 + pks.digest = (u8 *)data; 104 + pks.digest_size = datalen; 105 + pks.nr_mpi = 1; 106 + pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); 107 + 108 + if (pks.rsa.s) 109 + ret = verify_signature(key, &pks); 110 + 111 + mpi_free(pks.rsa.s); 112 + key_put(key); 113 + pr_debug("%s() = %d\n", __func__, ret); 114 + return ret; 115 + }

+13

security/integrity/evm/Kconfig

··· 11 11 integrity attacks. 12 12 13 13 If you are unsure how to answer this question, answer N. 14 + 15 + config EVM_HMAC_VERSION 16 + int "EVM HMAC version" 17 + depends on EVM 18 + default 2 19 + help 20 + This options adds EVM HMAC version support. 21 + 1 - original version 22 + 2 - add per filesystem unique identifier (UUID) (default) 23 + 24 + WARNING: changing the HMAC calculation method or adding 25 + additional info to the calculation, requires existing EVM 26 + labeled file systems to be relabeled.

+1 -1

security/integrity/evm/evm.h

··· 24 24 extern int evm_initialized; 25 25 extern char *evm_hmac; 26 26 extern char *evm_hash; 27 + extern int evm_hmac_version; 27 28 28 29 extern struct crypto_shash *hmac_tfm; 29 30 extern struct crypto_shash *hash_tfm; ··· 46 45 extern int evm_init_hmac(struct inode *inode, const struct xattr *xattr, 47 46 char *hmac_val); 48 47 extern int evm_init_secfs(void); 49 - extern void evm_cleanup_secfs(void); 50 48 51 49 #endif

+3

security/integrity/evm/evm_crypto.c

··· 110 110 hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid); 111 111 hmac_misc.mode = inode->i_mode; 112 112 crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof hmac_misc); 113 + if (evm_hmac_version > 1) 114 + crypto_shash_update(desc, inode->i_sb->s_uuid, 115 + sizeof(inode->i_sb->s_uuid)); 113 116 crypto_shash_final(desc, digest); 114 117 } 115 118

+1 -9

security/integrity/evm/evm_main.c

··· 26 26 27 27 char *evm_hmac = "hmac(sha1)"; 28 28 char *evm_hash = "sha1"; 29 + int evm_hmac_version = CONFIG_EVM_HMAC_VERSION; 29 30 30 31 char *evm_config_xattrnames[] = { 31 32 #ifdef CONFIG_SECURITY_SELINUX ··· 426 425 return 0; 427 426 err: 428 427 return error; 429 - } 430 - 431 - static void __exit cleanup_evm(void) 432 - { 433 - evm_cleanup_secfs(); 434 - if (hmac_tfm) 435 - crypto_free_shash(hmac_tfm); 436 - if (hash_tfm) 437 - crypto_free_shash(hash_tfm); 438 428 } 439 429 440 430 /*

-6

security/integrity/evm/evm_secfs.c

··· 100 100 error = -EFAULT; 101 101 return error; 102 102 } 103 - 104 - void __exit evm_cleanup_secfs(void) 105 - { 106 - if (evm_init_tpm) 107 - securityfs_remove(evm_init_tpm); 108 - }

+8 -2

security/integrity/iint.c

··· 72 72 { 73 73 iint->version = 0; 74 74 iint->flags = 0UL; 75 - iint->ima_status = INTEGRITY_UNKNOWN; 75 + iint->ima_file_status = INTEGRITY_UNKNOWN; 76 + iint->ima_mmap_status = INTEGRITY_UNKNOWN; 77 + iint->ima_bprm_status = INTEGRITY_UNKNOWN; 78 + iint->ima_module_status = INTEGRITY_UNKNOWN; 76 79 iint->evm_status = INTEGRITY_UNKNOWN; 77 80 kmem_cache_free(iint_cache, iint); 78 81 } ··· 152 149 memset(iint, 0, sizeof *iint); 153 150 iint->version = 0; 154 151 iint->flags = 0UL; 155 - iint->ima_status = INTEGRITY_UNKNOWN; 152 + iint->ima_file_status = INTEGRITY_UNKNOWN; 153 + iint->ima_mmap_status = INTEGRITY_UNKNOWN; 154 + iint->ima_bprm_status = INTEGRITY_UNKNOWN; 155 + iint->ima_module_status = INTEGRITY_UNKNOWN; 156 156 iint->evm_status = INTEGRITY_UNKNOWN; 157 157 } 158 158

+16 -5

security/integrity/ima/ima.h

··· 84 84 int ima_inode_alloc(struct inode *inode); 85 85 int ima_add_template_entry(struct ima_template_entry *entry, int violation, 86 86 const char *op, struct inode *inode); 87 - int ima_calc_hash(struct file *file, char *digest); 88 - int ima_calc_template_hash(int template_len, void *template, char *digest); 87 + int ima_calc_file_hash(struct file *file, char *digest); 88 + int ima_calc_buffer_hash(const void *data, int len, char *digest); 89 89 int ima_calc_boot_aggregate(char *digest); 90 90 void ima_add_violation(struct inode *inode, const unsigned char *filename, 91 91 const char *op, const char *cause); 92 + int ima_init_crypto(void); 92 93 93 94 /* 94 95 * used to protect h_table and sha_table ··· 120 119 int ima_store_template(struct ima_template_entry *entry, int violation, 121 120 struct inode *inode); 122 121 void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show); 122 + const char *ima_d_path(struct path *path, char **pathbuf); 123 123 124 124 /* rbtree tree calls to lookup, insert, delete 125 125 * integrity data associated with an inode. ··· 129 127 struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 130 128 131 129 /* IMA policy related functions */ 132 - enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; 130 + enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; 133 131 134 132 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 135 133 int flags); ··· 144 142 #define IMA_APPRAISE_MODULES 0x04 145 143 146 144 #ifdef CONFIG_IMA_APPRAISE 147 - int ima_appraise_measurement(struct integrity_iint_cache *iint, 145 + int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 148 146 struct file *file, const unsigned char *filename); 149 147 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); 150 148 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); 149 + enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 150 + int func); 151 151 152 152 #else 153 - static inline int ima_appraise_measurement(struct integrity_iint_cache *iint, 153 + static inline int ima_appraise_measurement(int func, 154 + struct integrity_iint_cache *iint, 154 155 struct file *file, 155 156 const unsigned char *filename) 156 157 { ··· 169 164 static inline void ima_update_xattr(struct integrity_iint_cache *iint, 170 165 struct file *file) 171 166 { 167 + } 168 + 169 + static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache 170 + *iint, int func) 171 + { 172 + return INTEGRITY_UNKNOWN; 172 173 } 173 174 #endif 174 175

+22 -5

security/integrity/ima/ima_api.c

··· 50 50 entry->template_len = sizeof(entry->template); 51 51 52 52 if (!violation) { 53 - result = ima_calc_template_hash(entry->template_len, 54 - &entry->template, 53 + result = ima_calc_buffer_hash(&entry->template, 54 + entry->template_len, 55 55 entry->digest); 56 56 if (result < 0) { 57 57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, ··· 100 100 * ima_get_action - appraise & measure decision based on policy. 101 101 * @inode: pointer to inode to measure 102 102 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 103 - * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK) 103 + * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK) 104 104 * 105 105 * The policy is defined in terms of keypairs: 106 106 * subj=, obj=, type=, func=, mask=, fsmagic= 107 107 * subj,obj, and type: are LSM specific. 108 - * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK 108 + * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK 109 109 * mask: contains the permission mask 110 110 * fsmagic: hex value 111 111 * ··· 148 148 u64 i_version = file->f_dentry->d_inode->i_version; 149 149 150 150 iint->ima_xattr.type = IMA_XATTR_DIGEST; 151 - result = ima_calc_hash(file, iint->ima_xattr.digest); 151 + result = ima_calc_file_hash(file, iint->ima_xattr.digest); 152 152 if (!result) { 153 153 iint->version = i_version; 154 154 iint->flags |= IMA_COLLECTED; ··· 236 236 audit_log_end(ab); 237 237 238 238 iint->flags |= IMA_AUDITED; 239 + } 240 + 241 + const char *ima_d_path(struct path *path, char **pathbuf) 242 + { 243 + char *pathname = NULL; 244 + 245 + /* We will allow 11 spaces for ' (deleted)' to be appended */ 246 + *pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); 247 + if (*pathbuf) { 248 + pathname = d_path(path, *pathbuf, PATH_MAX + 11); 249 + if (IS_ERR(pathname)) { 250 + kfree(*pathbuf); 251 + *pathbuf = NULL; 252 + pathname = NULL; 253 + } 254 + } 255 + return pathname; 239 256 }

+73 -19

security/integrity/ima/ima_appraise.c

··· 42 42 return ima_match_policy(inode, func, mask, IMA_APPRAISE); 43 43 } 44 44 45 - static void ima_fix_xattr(struct dentry *dentry, 45 + static int ima_fix_xattr(struct dentry *dentry, 46 46 struct integrity_iint_cache *iint) 47 47 { 48 48 iint->ima_xattr.type = IMA_XATTR_DIGEST; 49 - __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA, (u8 *)&iint->ima_xattr, 50 - sizeof iint->ima_xattr, 0); 49 + return __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA, 50 + (u8 *)&iint->ima_xattr, 51 + sizeof(iint->ima_xattr), 0); 52 + } 53 + 54 + /* Return specific func appraised cached result */ 55 + enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 56 + int func) 57 + { 58 + switch(func) { 59 + case MMAP_CHECK: 60 + return iint->ima_mmap_status; 61 + case BPRM_CHECK: 62 + return iint->ima_bprm_status; 63 + case MODULE_CHECK: 64 + return iint->ima_module_status; 65 + case FILE_CHECK: 66 + default: 67 + return iint->ima_file_status; 68 + } 69 + } 70 + 71 + static void ima_set_cache_status(struct integrity_iint_cache *iint, 72 + int func, enum integrity_status status) 73 + { 74 + switch(func) { 75 + case MMAP_CHECK: 76 + iint->ima_mmap_status = status; 77 + break; 78 + case BPRM_CHECK: 79 + iint->ima_bprm_status = status; 80 + break; 81 + case MODULE_CHECK: 82 + iint->ima_module_status = status; 83 + break; 84 + case FILE_CHECK: 85 + default: 86 + iint->ima_file_status = status; 87 + break; 88 + } 89 + } 90 + 91 + static void ima_cache_flags(struct integrity_iint_cache *iint, int func) 92 + { 93 + switch(func) { 94 + case MMAP_CHECK: 95 + iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); 96 + break; 97 + case BPRM_CHECK: 98 + iint->flags |= (IMA_BPRM_APPRAISED | IMA_APPRAISED); 99 + break; 100 + case MODULE_CHECK: 101 + iint->flags |= (IMA_MODULE_APPRAISED | IMA_APPRAISED); 102 + break; 103 + case FILE_CHECK: 104 + default: 105 + iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED); 106 + break; 107 + } 51 108 } 52 109 53 110 /* ··· 115 58 * 116 59 * Return 0 on success, error code otherwise 117 60 */ 118 - int ima_appraise_measurement(struct integrity_iint_cache *iint, 61 + int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 119 62 struct file *file, const unsigned char *filename) 120 63 { 121 64 struct dentry *dentry = file->f_dentry; ··· 130 73 return 0; 131 74 if (!inode->i_op->getxattr) 132 75 return INTEGRITY_UNKNOWN; 133 - 134 - if (iint->flags & IMA_APPRAISED) 135 - return iint->ima_status; 136 76 137 77 rc = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)&xattr_value, 138 78 0, GFP_NOFS); ··· 152 98 cause = "invalid-HMAC"; 153 99 goto out; 154 100 } 155 - 156 101 switch (xattr_value->type) { 157 102 case IMA_XATTR_DIGEST: 103 + if (iint->flags & IMA_DIGSIG_REQUIRED) { 104 + cause = "IMA signature required"; 105 + status = INTEGRITY_FAIL; 106 + break; 107 + } 158 108 rc = memcmp(xattr_value->digest, iint->ima_xattr.digest, 159 109 IMA_DIGEST_SIZE); 160 110 if (rc) { 161 111 cause = "invalid-hash"; 162 112 status = INTEGRITY_FAIL; 163 - print_hex_dump_bytes("security.ima: ", DUMP_PREFIX_NONE, 164 - xattr_value, sizeof(*xattr_value)); 165 - print_hex_dump_bytes("collected: ", DUMP_PREFIX_NONE, 166 - (u8 *)&iint->ima_xattr, 167 - sizeof iint->ima_xattr); 168 113 break; 169 114 } 170 115 status = INTEGRITY_PASS; ··· 194 141 if ((ima_appraise & IMA_APPRAISE_FIX) && 195 142 (!xattr_value || 196 143 xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { 197 - ima_fix_xattr(dentry, iint); 198 - status = INTEGRITY_PASS; 144 + if (!ima_fix_xattr(dentry, iint)) 145 + status = INTEGRITY_PASS; 199 146 } 200 147 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, 201 148 op, cause, rc, 0); 202 149 } else { 203 - iint->flags |= IMA_APPRAISED; 150 + ima_cache_flags(iint, func); 204 151 } 205 - iint->ima_status = status; 152 + ima_set_cache_status(iint, func, status); 206 153 kfree(xattr_value); 207 154 return status; 208 155 } ··· 248 195 must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); 249 196 iint = integrity_iint_find(inode); 250 197 if (iint) { 198 + iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | 199 + IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | 200 + IMA_ACTION_FLAGS); 251 201 if (must_appraise) 252 202 iint->flags |= IMA_APPRAISE; 253 - else 254 - iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED); 255 203 } 256 204 if (!must_appraise) 257 205 rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA);

+41 -42

security/integrity/ima/ima_crypto.c

··· 19 19 #include <linux/scatterlist.h> 20 20 #include <linux/err.h> 21 21 #include <linux/slab.h> 22 + #include <crypto/hash.h> 22 23 #include "ima.h" 23 24 24 - static int init_desc(struct hash_desc *desc) 25 - { 26 - int rc; 25 + static struct crypto_shash *ima_shash_tfm; 27 26 28 - desc->tfm = crypto_alloc_hash(ima_hash, 0, CRYPTO_ALG_ASYNC); 29 - if (IS_ERR(desc->tfm)) { 30 - pr_info("IMA: failed to load %s transform: %ld\n", 31 - ima_hash, PTR_ERR(desc->tfm)); 32 - rc = PTR_ERR(desc->tfm); 27 + int ima_init_crypto(void) 28 + { 29 + long rc; 30 + 31 + ima_shash_tfm = crypto_alloc_shash(ima_hash, 0, 0); 32 + if (IS_ERR(ima_shash_tfm)) { 33 + rc = PTR_ERR(ima_shash_tfm); 34 + pr_err("Can not allocate %s (reason: %ld)\n", ima_hash, rc); 33 35 return rc; 34 36 } 35 - desc->flags = 0; 36 - rc = crypto_hash_init(desc); 37 - if (rc) 38 - crypto_free_hash(desc->tfm); 39 - return rc; 37 + return 0; 40 38 } 41 39 42 40 /* 43 41 * Calculate the MD5/SHA1 file digest 44 42 */ 45 - int ima_calc_hash(struct file *file, char *digest) 43 + int ima_calc_file_hash(struct file *file, char *digest) 46 44 { 47 - struct hash_desc desc; 48 - struct scatterlist sg[1]; 49 45 loff_t i_size, offset = 0; 50 46 char *rbuf; 51 47 int rc, read = 0; 48 + struct { 49 + struct shash_desc shash; 50 + char ctx[crypto_shash_descsize(ima_shash_tfm)]; 51 + } desc; 52 52 53 - rc = init_desc(&desc); 53 + desc.shash.tfm = ima_shash_tfm; 54 + desc.shash.flags = 0; 55 + 56 + rc = crypto_shash_init(&desc.shash); 54 57 if (rc != 0) 55 58 return rc; 56 59 ··· 78 75 if (rbuf_len == 0) 79 76 break; 80 77 offset += rbuf_len; 81 - sg_init_one(sg, rbuf, rbuf_len); 82 78 83 - rc = crypto_hash_update(&desc, sg, rbuf_len); 79 + rc = crypto_shash_update(&desc.shash, rbuf, rbuf_len); 84 80 if (rc) 85 81 break; 86 82 } 87 83 kfree(rbuf); 88 84 if (!rc) 89 - rc = crypto_hash_final(&desc, digest); 85 + rc = crypto_shash_final(&desc.shash, digest); 90 86 if (read) 91 87 file->f_mode &= ~FMODE_READ; 92 88 out: 93 - crypto_free_hash(desc.tfm); 94 89 return rc; 95 90 } 96 91 97 92 /* 98 - * Calculate the hash of a given template 93 + * Calculate the hash of a given buffer 99 94 */ 100 - int ima_calc_template_hash(int template_len, void *template, char *digest) 95 + int ima_calc_buffer_hash(const void *data, int len, char *digest) 101 96 { 102 - struct hash_desc desc; 103 - struct scatterlist sg[1]; 104 - int rc; 97 + struct { 98 + struct shash_desc shash; 99 + char ctx[crypto_shash_descsize(ima_shash_tfm)]; 100 + } desc; 105 101 106 - rc = init_desc(&desc); 107 - if (rc != 0) 108 - return rc; 102 + desc.shash.tfm = ima_shash_tfm; 103 + desc.shash.flags = 0; 109 104 110 - sg_init_one(sg, template, template_len); 111 - rc = crypto_hash_update(&desc, sg, template_len); 112 - if (!rc) 113 - rc = crypto_hash_final(&desc, digest); 114 - crypto_free_hash(desc.tfm); 115 - return rc; 105 + return crypto_shash_digest(&desc.shash, data, len, digest); 116 106 } 117 107 118 108 static void __init ima_pcrread(int idx, u8 *pcr) ··· 122 126 */ 123 127 int __init ima_calc_boot_aggregate(char *digest) 124 128 { 125 - struct hash_desc desc; 126 - struct scatterlist sg; 127 129 u8 pcr_i[IMA_DIGEST_SIZE]; 128 130 int rc, i; 131 + struct { 132 + struct shash_desc shash; 133 + char ctx[crypto_shash_descsize(ima_shash_tfm)]; 134 + } desc; 129 135 130 - rc = init_desc(&desc); 136 + desc.shash.tfm = ima_shash_tfm; 137 + desc.shash.flags = 0; 138 + 139 + rc = crypto_shash_init(&desc.shash); 131 140 if (rc != 0) 132 141 return rc; 133 142 ··· 140 139 for (i = TPM_PCR0; i < TPM_PCR8; i++) { 141 140 ima_pcrread(i, pcr_i); 142 141 /* now accumulate with current aggregate */ 143 - sg_init_one(&sg, pcr_i, IMA_DIGEST_SIZE); 144 - rc = crypto_hash_update(&desc, &sg, IMA_DIGEST_SIZE); 142 + rc = crypto_shash_update(&desc.shash, pcr_i, IMA_DIGEST_SIZE); 145 143 } 146 144 if (!rc) 147 - crypto_hash_final(&desc, digest); 148 - crypto_free_hash(desc.tfm); 145 + crypto_shash_final(&desc.shash, digest); 149 146 return rc; 150 147 }

+3

security/integrity/ima/ima_init.c

··· 85 85 if (!ima_used_chip) 86 86 pr_info("IMA: No TPM chip found, activating TPM-bypass!\n"); 87 87 88 + rc = ima_init_crypto(); 89 + if (rc) 90 + return rc; 88 91 ima_add_boot_aggregate(); /* boot aggregate must be first entry */ 89 92 ima_init_policy(); 90 93

+63 -75

security/integrity/ima/ima_main.c

··· 61 61 fmode_t mode = file->f_mode; 62 62 int must_measure; 63 63 bool send_tomtou = false, send_writers = false; 64 - unsigned char *pathname = NULL, *pathbuf = NULL; 64 + char *pathbuf = NULL; 65 + const char *pathname; 65 66 66 67 if (!S_ISREG(inode->i_mode) || !ima_initialized) 67 68 return; ··· 87 86 if (!send_tomtou && !send_writers) 88 87 return; 89 88 90 - /* We will allow 11 spaces for ' (deleted)' to be appended */ 91 - pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); 92 - if (pathbuf) { 93 - pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11); 94 - if (IS_ERR(pathname)) 95 - pathname = NULL; 96 - else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX) 97 - pathname = NULL; 98 - } 89 + pathname = ima_d_path(&file->f_path, &pathbuf); 90 + if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX) 91 + pathname = dentry->d_name.name; 92 + 99 93 if (send_tomtou) 100 - ima_add_violation(inode, 101 - !pathname ? dentry->d_name.name : pathname, 94 + ima_add_violation(inode, pathname, 102 95 "invalid_pcr", "ToMToU"); 103 96 if (send_writers) 104 - ima_add_violation(inode, 105 - !pathname ? dentry->d_name.name : pathname, 97 + ima_add_violation(inode, pathname, 106 98 "invalid_pcr", "open_writers"); 107 99 kfree(pathbuf); 108 100 } ··· 139 145 ima_check_last_writer(iint, inode, file); 140 146 } 141 147 142 - static int process_measurement(struct file *file, const unsigned char *filename, 148 + static int process_measurement(struct file *file, const char *filename, 143 149 int mask, int function) 144 150 { 145 151 struct inode *inode = file->f_dentry->d_inode; 146 152 struct integrity_iint_cache *iint; 147 - unsigned char *pathname = NULL, *pathbuf = NULL; 148 - int rc = -ENOMEM, action, must_appraise; 153 + char *pathbuf = NULL; 154 + const char *pathname = NULL; 155 + int rc = -ENOMEM, action, must_appraise, _func; 149 156 150 157 if (!ima_initialized || !S_ISREG(inode->i_mode)) 151 158 return 0; 152 159 153 - /* Determine if in appraise/audit/measurement policy, 154 - * returns IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT bitmask. */ 160 + /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action 161 + * bitmask based on the appraise/audit/measurement policy. 162 + * Included is the appraise submask. 163 + */ 155 164 action = ima_get_action(inode, mask, function); 156 165 if (!action) 157 166 return 0; 158 167 159 168 must_appraise = action & IMA_APPRAISE; 169 + 170 + /* Is the appraise rule hook specific? */ 171 + _func = (action & IMA_FILE_APPRAISE) ? FILE_CHECK : function; 160 172 161 173 mutex_lock(&inode->i_mutex); 162 174 ··· 171 171 goto out; 172 172 173 173 /* Determine if already appraised/measured based on bitmask 174 - * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED, 175 - * IMA_AUDIT, IMA_AUDITED) */ 174 + * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED, 175 + * IMA_AUDIT, IMA_AUDITED) 176 + */ 176 177 iint->flags |= action; 178 + action &= IMA_DO_MASK; 177 179 action &= ~((iint->flags & IMA_DONE_MASK) >> 1); 178 180 179 181 /* Nothing to do, just return existing appraised status */ 180 182 if (!action) { 181 - if (iint->flags & IMA_APPRAISED) 182 - rc = iint->ima_status; 183 - goto out; 183 + if (must_appraise) 184 + rc = ima_get_cache_status(iint, _func); 185 + goto out_digsig; 184 186 } 185 187 186 188 rc = ima_collect_measurement(iint, file); 187 189 if (rc != 0) 188 - goto out; 190 + goto out_digsig; 189 191 190 - if (function != BPRM_CHECK) { 191 - /* We will allow 11 spaces for ' (deleted)' to be appended */ 192 - pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); 193 - if (pathbuf) { 194 - pathname = 195 - d_path(&file->f_path, pathbuf, PATH_MAX + 11); 196 - if (IS_ERR(pathname)) 197 - pathname = NULL; 198 - } 199 - } 192 + if (function != BPRM_CHECK) 193 + pathname = ima_d_path(&file->f_path, &pathbuf); 194 + 195 + if (!pathname) 196 + pathname = filename; 197 + 200 198 if (action & IMA_MEASURE) 201 - ima_store_measurement(iint, file, 202 - !pathname ? filename : pathname); 203 - if (action & IMA_APPRAISE) 204 - rc = ima_appraise_measurement(iint, file, 205 - !pathname ? filename : pathname); 199 + ima_store_measurement(iint, file, pathname); 200 + if (action & IMA_APPRAISE_SUBMASK) 201 + rc = ima_appraise_measurement(_func, iint, file, pathname); 206 202 if (action & IMA_AUDIT) 207 - ima_audit_measurement(iint, !pathname ? filename : pathname); 203 + ima_audit_measurement(iint, pathname); 208 204 kfree(pathbuf); 205 + out_digsig: 206 + if ((mask & MAY_WRITE) && (iint->flags & IMA_DIGSIG)) 207 + rc = -EACCES; 209 208 out: 210 209 mutex_unlock(&inode->i_mutex); 211 - return (rc && must_appraise) ? -EACCES : 0; 210 + if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE)) 211 + return -EACCES; 212 + return 0; 212 213 } 213 214 214 215 /** ··· 220 219 * Measure files being mmapped executable based on the ima_must_measure() 221 220 * policy decision. 222 221 * 223 - * Return 0 on success, an error code on failure. 224 - * (Based on the results of appraise_measurement().) 222 + * On success return 0. On integrity appraisal error, assuming the file 223 + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 225 224 */ 226 225 int ima_file_mmap(struct file *file, unsigned long prot) 227 226 { 228 - int rc = 0; 229 - 230 - if (!file) 231 - return 0; 232 - if (prot & PROT_EXEC) 233 - rc = process_measurement(file, file->f_dentry->d_name.name, 234 - MAY_EXEC, FILE_MMAP); 235 - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; 227 + if (file && (prot & PROT_EXEC)) 228 + return process_measurement(file, file->f_dentry->d_name.name, 229 + MAY_EXEC, MMAP_CHECK); 230 + return 0; 236 231 } 237 232 238 233 /** ··· 241 244 * So we can be certain that what we verify and measure here is actually 242 245 * what is being executed. 243 246 * 244 - * Return 0 on success, an error code on failure. 245 - * (Based on the results of appraise_measurement().) 247 + * On success return 0. On integrity appraisal error, assuming the file 248 + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 246 249 */ 247 250 int ima_bprm_check(struct linux_binprm *bprm) 248 251 { 249 - int rc; 250 - 251 - rc = process_measurement(bprm->file, 252 + return process_measurement(bprm->file, 252 253 (strcmp(bprm->filename, bprm->interp) == 0) ? 253 254 bprm->filename : bprm->interp, 254 255 MAY_EXEC, BPRM_CHECK); 255 - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; 256 256 } 257 257 258 258 /** ··· 259 265 * 260 266 * Measure files based on the ima_must_measure() policy decision. 261 267 * 262 - * Always return 0 and audit dentry_open failures. 263 - * (Return code will be based upon measurement appraisal.) 268 + * On success return 0. On integrity appraisal error, assuming the file 269 + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 264 270 */ 265 271 int ima_file_check(struct file *file, int mask) 266 272 { 267 - int rc; 268 - 269 273 ima_rdwr_violation_check(file); 270 - rc = process_measurement(file, file->f_dentry->d_name.name, 274 + return process_measurement(file, file->f_dentry->d_name.name, 271 275 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 272 276 FILE_CHECK); 273 - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; 274 277 } 275 278 EXPORT_SYMBOL_GPL(ima_file_check); 276 279 ··· 277 286 * 278 287 * Measure/appraise kernel modules based on policy. 279 288 * 280 - * Always return 0 and audit dentry_open failures. 281 - * Return code is based upon measurement appraisal. 289 + * On success return 0. On integrity appraisal error, assuming the file 290 + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 282 291 */ 283 292 int ima_module_check(struct file *file) 284 293 { 285 - int rc = 0; 286 - 287 294 if (!file) { 288 - if (ima_appraise & IMA_APPRAISE_MODULES) { 289 295 #ifndef CONFIG_MODULE_SIG_FORCE 290 - rc = -EACCES; /* INTEGRITY_UNKNOWN */ 296 + if (ima_appraise & IMA_APPRAISE_MODULES) 297 + return -EACCES; /* INTEGRITY_UNKNOWN */ 291 298 #endif 292 - } 293 - } else 294 - rc = process_measurement(file, file->f_dentry->d_name.name, 295 - MAY_EXEC, MODULE_CHECK); 296 - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; 299 + return 0; /* We rely on module signature checking */ 300 + } 301 + return process_measurement(file, file->f_dentry->d_name.name, 302 + MAY_EXEC, MODULE_CHECK); 297 303 } 298 304 299 305 static int __init init_ima(void)

+124 -14

security/integrity/ima/ima_policy.c

··· 16 16 #include <linux/magic.h> 17 17 #include <linux/parser.h> 18 18 #include <linux/slab.h> 19 + #include <linux/genhd.h> 19 20 20 21 #include "ima.h" 21 22 ··· 26 25 #define IMA_FSMAGIC 0x0004 27 26 #define IMA_UID 0x0008 28 27 #define IMA_FOWNER 0x0010 28 + #define IMA_FSUUID 0x0020 29 29 30 30 #define UNKNOWN 0 31 31 #define MEASURE 0x0001 /* same as IMA_MEASURE */ ··· 47 45 enum ima_hooks func; 48 46 int mask; 49 47 unsigned long fsmagic; 48 + u8 fsuuid[16]; 50 49 kuid_t uid; 51 50 kuid_t fowner; 52 51 struct { 53 52 void *rule; /* LSM file metadata specific */ 53 + void *args_p; /* audit value */ 54 54 int type; /* audit type */ 55 55 } lsm[MAX_LSM_RULES]; 56 56 }; ··· 78 74 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 79 75 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 80 76 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, 81 - {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, 77 + {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC, 82 78 .flags = IMA_FUNC | IMA_MASK}, 83 79 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, 84 80 .flags = IMA_FUNC | IMA_MASK}, ··· 123 119 } 124 120 __setup("ima_appraise_tcb", default_appraise_policy_setup); 125 121 122 + /* 123 + * Although the IMA policy does not change, the LSM policy can be 124 + * reloaded, leaving the IMA LSM based rules referring to the old, 125 + * stale LSM policy. 126 + * 127 + * Update the IMA LSM based rules to reflect the reloaded LSM policy. 128 + * We assume the rules still exist; and BUG_ON() if they don't. 129 + */ 130 + static void ima_lsm_update_rules(void) 131 + { 132 + struct ima_rule_entry *entry, *tmp; 133 + int result; 134 + int i; 135 + 136 + mutex_lock(&ima_rules_mutex); 137 + list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { 138 + for (i = 0; i < MAX_LSM_RULES; i++) { 139 + if (!entry->lsm[i].rule) 140 + continue; 141 + result = security_filter_rule_init(entry->lsm[i].type, 142 + Audit_equal, 143 + entry->lsm[i].args_p, 144 + &entry->lsm[i].rule); 145 + BUG_ON(!entry->lsm[i].rule); 146 + } 147 + } 148 + mutex_unlock(&ima_rules_mutex); 149 + } 150 + 126 151 /** 127 152 * ima_match_rules - determine whether an inode matches the measure rule. 128 153 * @rule: a pointer to a rule ··· 175 142 if ((rule->flags & IMA_FSMAGIC) 176 143 && rule->fsmagic != inode->i_sb->s_magic) 177 144 return false; 145 + if ((rule->flags & IMA_FSUUID) && 146 + memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) 147 + return false; 178 148 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) 179 149 return false; 180 150 if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid)) ··· 185 149 for (i = 0; i < MAX_LSM_RULES; i++) { 186 150 int rc = 0; 187 151 u32 osid, sid; 152 + int retried = 0; 188 153 189 154 if (!rule->lsm[i].rule) 190 155 continue; 191 - 156 + retry: 192 157 switch (i) { 193 158 case LSM_OBJ_USER: 194 159 case LSM_OBJ_ROLE: ··· 213 176 default: 214 177 break; 215 178 } 179 + if ((rc < 0) && (!retried)) { 180 + retried = 1; 181 + ima_lsm_update_rules(); 182 + goto retry; 183 + } 216 184 if (!rc) 217 185 return false; 218 186 } 219 187 return true; 188 + } 189 + 190 + /* 191 + * In addition to knowing that we need to appraise the file in general, 192 + * we need to differentiate between calling hooks, for hook specific rules. 193 + */ 194 + static int get_subaction(struct ima_rule_entry *rule, int func) 195 + { 196 + if (!(rule->flags & IMA_FUNC)) 197 + return IMA_FILE_APPRAISE; 198 + 199 + switch(func) { 200 + case MMAP_CHECK: 201 + return IMA_MMAP_APPRAISE; 202 + case BPRM_CHECK: 203 + return IMA_BPRM_APPRAISE; 204 + case MODULE_CHECK: 205 + return IMA_MODULE_APPRAISE; 206 + case FILE_CHECK: 207 + default: 208 + return IMA_FILE_APPRAISE; 209 + } 220 210 } 221 211 222 212 /** ··· 273 209 if (!ima_match_rules(entry, inode, func, mask)) 274 210 continue; 275 211 212 + action |= entry->flags & IMA_ACTION_FLAGS; 213 + 276 214 action |= entry->action & IMA_DO_MASK; 215 + if (entry->action & IMA_APPRAISE) 216 + action |= get_subaction(entry, func); 217 + 277 218 if (entry->action & IMA_DO_MASK) 278 219 actmask &= ~(entry->action | entry->action << 1); 279 220 else ··· 351 282 Opt_audit, 352 283 Opt_obj_user, Opt_obj_role, Opt_obj_type, 353 284 Opt_subj_user, Opt_subj_role, Opt_subj_type, 354 - Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner 285 + Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner, 286 + Opt_appraise_type, Opt_fsuuid 355 287 }; 356 288 357 289 static match_table_t policy_tokens = { ··· 370 300 {Opt_func, "func=%s"}, 371 301 {Opt_mask, "mask=%s"}, 372 302 {Opt_fsmagic, "fsmagic=%s"}, 303 + {Opt_fsuuid, "fsuuid=%s"}, 373 304 {Opt_uid, "uid=%s"}, 374 305 {Opt_fowner, "fowner=%s"}, 306 + {Opt_appraise_type, "appraise_type=%s"}, 375 307 {Opt_err, NULL} 376 308 }; 377 309 378 310 static int ima_lsm_rule_init(struct ima_rule_entry *entry, 379 - char *args, int lsm_rule, int audit_type) 311 + substring_t *args, int lsm_rule, int audit_type) 380 312 { 381 313 int result; 382 314 383 315 if (entry->lsm[lsm_rule].rule) 384 316 return -EINVAL; 385 317 318 + entry->lsm[lsm_rule].args_p = match_strdup(args); 319 + if (!entry->lsm[lsm_rule].args_p) 320 + return -ENOMEM; 321 + 386 322 entry->lsm[lsm_rule].type = audit_type; 387 323 result = security_filter_rule_init(entry->lsm[lsm_rule].type, 388 - Audit_equal, args, 324 + Audit_equal, 325 + entry->lsm[lsm_rule].args_p, 389 326 &entry->lsm[lsm_rule].rule); 390 - if (!entry->lsm[lsm_rule].rule) 327 + if (!entry->lsm[lsm_rule].rule) { 328 + kfree(entry->lsm[lsm_rule].args_p); 391 329 return -EINVAL; 330 + } 331 + 392 332 return result; 393 333 } 394 334 ··· 484 404 entry->func = FILE_CHECK; 485 405 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) 486 406 entry->func = MODULE_CHECK; 487 - else if (strcmp(args[0].from, "FILE_MMAP") == 0) 488 - entry->func = FILE_MMAP; 407 + else if ((strcmp(args[0].from, "FILE_MMAP") == 0) 408 + || (strcmp(args[0].from, "MMAP_CHECK") == 0)) 409 + entry->func = MMAP_CHECK; 489 410 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 490 411 entry->func = BPRM_CHECK; 491 412 else ··· 526 445 if (!result) 527 446 entry->flags |= IMA_FSMAGIC; 528 447 break; 448 + case Opt_fsuuid: 449 + ima_log_string(ab, "fsuuid", args[0].from); 450 + 451 + if (memchr_inv(entry->fsuuid, 0x00, 452 + sizeof(entry->fsuuid))) { 453 + result = -EINVAL; 454 + break; 455 + } 456 + 457 + part_pack_uuid(args[0].from, entry->fsuuid); 458 + entry->flags |= IMA_FSUUID; 459 + result = 0; 460 + break; 529 461 case Opt_uid: 530 462 ima_log_string(ab, "uid", args[0].from); 531 463 ··· 575 481 break; 576 482 case Opt_obj_user: 577 483 ima_log_string(ab, "obj_user", args[0].from); 578 - result = ima_lsm_rule_init(entry, args[0].from, 484 + result = ima_lsm_rule_init(entry, args, 579 485 LSM_OBJ_USER, 580 486 AUDIT_OBJ_USER); 581 487 break; 582 488 case Opt_obj_role: 583 489 ima_log_string(ab, "obj_role", args[0].from); 584 - result = ima_lsm_rule_init(entry, args[0].from, 490 + result = ima_lsm_rule_init(entry, args, 585 491 LSM_OBJ_ROLE, 586 492 AUDIT_OBJ_ROLE); 587 493 break; 588 494 case Opt_obj_type: 589 495 ima_log_string(ab, "obj_type", args[0].from); 590 - result = ima_lsm_rule_init(entry, args[0].from, 496 + result = ima_lsm_rule_init(entry, args, 591 497 LSM_OBJ_TYPE, 592 498 AUDIT_OBJ_TYPE); 593 499 break; 594 500 case Opt_subj_user: 595 501 ima_log_string(ab, "subj_user", args[0].from); 596 - result = ima_lsm_rule_init(entry, args[0].from, 502 + result = ima_lsm_rule_init(entry, args, 597 503 LSM_SUBJ_USER, 598 504 AUDIT_SUBJ_USER); 599 505 break; 600 506 case Opt_subj_role: 601 507 ima_log_string(ab, "subj_role", args[0].from); 602 - result = ima_lsm_rule_init(entry, args[0].from, 508 + result = ima_lsm_rule_init(entry, args, 603 509 LSM_SUBJ_ROLE, 604 510 AUDIT_SUBJ_ROLE); 605 511 break; 606 512 case Opt_subj_type: 607 513 ima_log_string(ab, "subj_type", args[0].from); 608 - result = ima_lsm_rule_init(entry, args[0].from, 514 + result = ima_lsm_rule_init(entry, args, 609 515 LSM_SUBJ_TYPE, 610 516 AUDIT_SUBJ_TYPE); 517 + break; 518 + case Opt_appraise_type: 519 + if (entry->action != APPRAISE) { 520 + result = -EINVAL; 521 + break; 522 + } 523 + 524 + ima_log_string(ab, "appraise_type", args[0].from); 525 + if ((strcmp(args[0].from, "imasig")) == 0) 526 + entry->flags |= IMA_DIGSIG_REQUIRED; 527 + else 528 + result = -EINVAL; 611 529 break; 612 530 case Opt_err: 613 531 ima_log_string(ab, "UNKNOWN", p); ··· 696 590 void ima_delete_rules(void) 697 591 { 698 592 struct ima_rule_entry *entry, *tmp; 593 + int i; 699 594 700 595 mutex_lock(&ima_rules_mutex); 701 596 list_for_each_entry_safe(entry, tmp, &ima_policy_rules, list) { 597 + for (i = 0; i < MAX_LSM_RULES; i++) 598 + kfree(entry->lsm[i].args_p); 599 + 702 600 list_del(&entry->list); 703 601 kfree(entry); 704 602 }

+47 -15

security/integrity/integrity.h

··· 14 14 #include <linux/types.h> 15 15 #include <linux/integrity.h> 16 16 #include <crypto/sha.h> 17 + #include <linux/key.h> 17 18 18 19 /* iint action cache flags */ 19 - #define IMA_MEASURE 0x0001 20 - #define IMA_MEASURED 0x0002 21 - #define IMA_APPRAISE 0x0004 22 - #define IMA_APPRAISED 0x0008 23 - /*#define IMA_COLLECT 0x0010 do not use this flag */ 24 - #define IMA_COLLECTED 0x0020 25 - #define IMA_AUDIT 0x0040 26 - #define IMA_AUDITED 0x0080 20 + #define IMA_MEASURE 0x00000001 21 + #define IMA_MEASURED 0x00000002 22 + #define IMA_APPRAISE 0x00000004 23 + #define IMA_APPRAISED 0x00000008 24 + /*#define IMA_COLLECT 0x00000010 do not use this flag */ 25 + #define IMA_COLLECTED 0x00000020 26 + #define IMA_AUDIT 0x00000040 27 + #define IMA_AUDITED 0x00000080 27 28 28 29 /* iint cache flags */ 29 - #define IMA_DIGSIG 0x0100 30 + #define IMA_ACTION_FLAGS 0xff000000 31 + #define IMA_DIGSIG 0x01000000 32 + #define IMA_DIGSIG_REQUIRED 0x02000000 30 33 31 - #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT) 32 - #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED \ 33 - | IMA_COLLECTED) 34 + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ 35 + IMA_APPRAISE_SUBMASK) 36 + #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ 37 + IMA_COLLECTED | IMA_APPRAISED_SUBMASK) 38 + 39 + /* iint subaction appraise cache flags */ 40 + #define IMA_FILE_APPRAISE 0x00000100 41 + #define IMA_FILE_APPRAISED 0x00000200 42 + #define IMA_MMAP_APPRAISE 0x00000400 43 + #define IMA_MMAP_APPRAISED 0x00000800 44 + #define IMA_BPRM_APPRAISE 0x00001000 45 + #define IMA_BPRM_APPRAISED 0x00002000 46 + #define IMA_MODULE_APPRAISE 0x00004000 47 + #define IMA_MODULE_APPRAISED 0x00008000 48 + #define IMA_APPRAISE_SUBMASK (IMA_FILE_APPRAISE | IMA_MMAP_APPRAISE | \ 49 + IMA_BPRM_APPRAISE | IMA_MODULE_APPRAISE) 50 + #define IMA_APPRAISED_SUBMASK (IMA_FILE_APPRAISED | IMA_MMAP_APPRAISED | \ 51 + IMA_BPRM_APPRAISED | IMA_MODULE_APPRAISED) 34 52 35 53 enum evm_ima_xattr_type { 36 54 IMA_XATTR_DIGEST = 0x01, ··· 66 48 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 67 49 struct inode *inode; /* back pointer to inode in question */ 68 50 u64 version; /* track inode changes */ 69 - unsigned short flags; 51 + unsigned long flags; 70 52 struct evm_ima_xattr_data ima_xattr; 71 - enum integrity_status ima_status; 72 - enum integrity_status evm_status; 53 + enum integrity_status ima_file_status:4; 54 + enum integrity_status ima_mmap_status:4; 55 + enum integrity_status ima_bprm_status:4; 56 + enum integrity_status ima_module_status:4; 57 + enum integrity_status evm_status:4; 73 58 }; 74 59 75 60 /* rbtree tree calls to lookup, insert, delete ··· 101 80 } 102 81 103 82 #endif /* CONFIG_INTEGRITY_SIGNATURE */ 83 + 84 + #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 85 + int asymmetric_verify(struct key *keyring, const char *sig, 86 + int siglen, const char *data, int datalen); 87 + #else 88 + static inline int asymmetric_verify(struct key *keyring, const char *sig, 89 + int siglen, const char *data, int datalen) 90 + { 91 + return -EOPNOTSUPP; 92 + } 93 + #endif 104 94 105 95 /* set during initialization */ 106 96 extern int iint_initialized;